Fappy Ransomware Description
The Fappy Ransomware is a crypto locker threat that is based on the open-source Hidden Tear project. That doesn't diminish its potency to cause damage since it can still encrypt the most widely used filetypes found on the compromised computer rendering them unusable, effectively. The name of every successfully encrypted file will be changed to include '.fappy' as a new extension. The Fappy Ransomware drops a ransom note as a text file named 'HOW TO DECRYPT FILES.txt' in every folder containing locked files, but it also changes the default background image with one of its own that has a brief message to the victims:
'All your files have been encrypted!
"HOW TODECRYPT FILES.TXT"
FOR MORE INFO'
Opening the text files reveals far more detailed instructions left by the hackers. They demand the payment of exactly 0.00117 Bitcoins. Most cryptocurrencies fluctuate wildly, but at the current exchange rate, that amount is equal to approximately $12. Victims of the Fappy Ransomware are expected to make the transfer and then send a confirmation to the following email address - firstname.lastname@example.org.
The full text found in the 'HOW TO DECRYPT FILES.txt' file is:
All your important files have been encrypted!
If you want to recover them you need to pay for decryption in Bitcoins
What is Bitcoin?
How to pay & buy Bitcoins:
1. Create a Bitcoin wallet on blockchain.com
2. Buy 0.00117 BTC on localbitcoins.com or blockchain.com
3. Transfer that 0.00117 BTC you bought to:
After doing those steps email us with proof of payment
Our email: email@example.com
Thank you for your cooperation!