FBLocker Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 1
First Seen: May 24, 2018
Last Seen: July 13, 2018
OS(es) Affected: Windows
The FBLocker Ransomware is an encryption ransomware Trojan. The criminals responsible for the FBLocker Ransomware have no intention of helping victims recover the affected files, so the FBLocker Ransomware effectively functions as a data wiper: the files it encrypts in its attacks become unrecoverable. This makes it necessary to take precautions against the FBLocker Ransomware and similar threats.
The FBLocker Ransomware's Intent is to Attack Facebook
Most encryption ransomware Trojans use a strong encryption algorithm to make the victim's files inaccessible so that they have grounds to demand a ransom payment in exchange for the decryption key. However, the FBLocker Ransomware does not save the keys used to encrypt the victim's files, which causes these files to become unrecoverable once encrypted. The FBLocker Ransomware seems to have been created to express dissatisfaction with new Facebook policies. The FBLocker Ransomware encrypts the victim's files and then delivers a message to the victim. The FBLocker Ransomware targets the same user-generated file types as most encryption ransomware Trojans do in their attacks. Below are some of the file types that the FBLocker Ransomware and similar threats will encrypt:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
Once the FBLocker Ransomware has made the victim's files inaccessible, the FBLocker Ransomware delivers a message to the victim in a full-screen window. This is where most encryption ransomware Trojans deliver their ransom demands, to ask for a payment. The FBLocker Ransomware, instead, delivers the following message, which includes a photo of Mark Zuckerberg, founder and creator of Facebook:
'What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Do not waste your time looking for a way to recover your files. Nobody can recover your files.
Can I Recover My Files?
No. My name is Mark Zuckerberg, and I have encrypted your files without saving any encryption keys. I appreciate you executing my program because you have allowed me to ruin more lives.
'A squirrel dying in front of your house may be more relevant to your interests right now than people dying in Africa.'
The FBLocker Ransomware adds the file extension '.facebook' to the affected file's name, which makes it very easy to recognize which files were enciphered by the attack.
Dealing with the FBLocker Ransomware Trojan
The FBLocker Ransomware connects to the IP address 93.184.221.240 to report any successful attacks. The FBLocker Ransomware targets computers running Windows or Android devices. Since the FBLocker Ransomware makes the files it encrypts unrecoverable, precautionary measures are essential for computer users who want to keep their data safe. The best protection against threats like the FBLocker Ransomware is to have file backups on portable drives. The combination of file backups and an updated security product can help computer users prevent attacks like the FBLocker Ransomware and, most importantly, recover any files that could become compromised in the event of an infection. The FBLocker Ransomware may be spread to victims in many ways. The most common delivery methods are spam email attachments and spammed links sent via instant messaging and Facebook. Being able to recognize and avoid these tactics is essential in preventing attacks like the FBLocker Ransomware.
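The '.facebook' marker and the backup advice above can be combined into a post-incident triage step. The following is an added example, not code from the original page: it assumes the marker is appended to the full original name (for instance report.docx.facebook) and that the backup mirrors the scanned folder's layout; the function name, paths and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".facebook"  # extension the page says is added to encrypted files
# Subset of the targeted types listed on the page; extend as needed.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".txt", ".sql", ".zip"}

def triage(scan_root, backup_root):
    """Sort marked files into (restorable, lost, unexpected) original paths."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    restorable, lost, unexpected = [], [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Skip unmarked files and a file literally named ".facebook".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            original = name[:-len(MARKER)]  # assumed: marker is appended
            rel = (Path(dirpath) / original).relative_to(scan_root)
            if Path(original).suffix.lower() not in TARGETED:
                unexpected.append(rel)   # marker on an unlisted type: review
            elif (backup_root / rel).is_file():
                restorable.append(rel)   # clean copy exists in the backup
            else:
                lost.append(rel)         # no backup copy: unrecoverable
    return sorted(restorable), sorted(lost), sorted(unexpected)

if __name__ == "__main__":
    # Constructed sample tree, built in a temp directory so the demo runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        home, backup = Path(tmp, "home"), Path(tmp, "backup")
        (home / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        for f in ("docs/report.docx.facebook", "docs/notes.txt.facebook",
                  "docs/clean.pdf"):
            (home / f).write_bytes(b"constructed")
        (backup / "docs/report.docx").write_bytes(b"constructed")
        for label, paths in zip(("restorable", "lost", "unexpected"),
                                triage(home, backup)):
            print(label, [str(p) for p in paths])
```

Run it against a mounted copy of the affected volume with the backup drive attached read-only, so the inventory cannot alter either side.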