
Fcorp Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: December 1, 2009
Last Seen: February 2, 2021
OS(es) Affected: Windows

The Fcorp Ransomware is a file-locking Trojan that's a variant of Hidden Tear, a free project. The Fcorp Ransomware locks files with the usual encryption methods and holds them hostage while asking for a ransom. Windows users can protect themselves by backing up their work to secure servers or storage devices and using dedicated anti-malware solutions to detect and remove the Fcorp Ransomware.

Hidden Tear Goes Corporate

Although Hidden Tear is the traditional refuge of threat actors who put as little work as possible into their campaigns, some versions are more robust than others. Recent samples like the ByteLocker Ransomware or the Fcorp Ransomware emphasize social engineering themes, regional targeting, and other metrics that put them a step above similar Trojans. Like even the laziest alternatives, though, the Fcorp Ransomware specializes in blocking files.

Thanks to original code from programmer Utku Sen, the Fcorp Ransomware's Hidden Tear family is a long-term resource for hackers, including examples like the HackdoorCrypt3r Ransomware, the Russian Legion Ransomware or the BSS Ransomware. Consistently, the Fcorp Ransomware and its relatives target Windows environments and block media formats like documents, spreadsheets or pictures with AES encryption. This attack stops the file from opening while the Trojan flags it with an extension ('fcorp,' in this case).

Although the Fcorp Ransomware drops the usual text message demanding a ransom for unlocking the user's files, it also has a secondary note: a wallpaper. This image references the Anonymous hacktivist group with its logo and, more interestingly, includes Italian-language instructions instead of the TXT file's English. However, malware experts deem the wallpaper otherwise unremarkable since it merely points towards the 'READ.ME.txt' directions.

Disbanding a Criminal's Faux-Corporation

The Fcorp Ransomware's attacks are nothing new to the threat landscape; most Hidden Tear versions are compatible with the free-to-download unlocking tools on offer through the cyber-security industry. However, malware analysts can't rule out Fcorp Ransomware versions with secure encryption that may lock the files permanently. In this situation, any Windows user's best hope for recovery lies in previously-saved backups on other devices the Trojan can't attack.
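
The following Python script, added here as an illustration and not taken from the original article or any vendor tool, inventories files carrying the 'fcorp' extension and 'READ.ME.txt' notes under a folder and checks which locked files have a usable copy in a backup folder. It assumes the extension is appended to the original file name; the function name, report keys and sample tree are made up for the example.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".fcorp"      # extension named in the article
NOTE_NAME = "read.me.txt"  # ransom note named in the article (lower-cased)


def triage(root, backup_root=None):
    """Inventory locked files and ransom notes; match locked files to backups.

    Assumption: the extension is appended to the original name
    (report.docx -> report.docx.fcorp), so stripping it gives the backup name.
    """
    root = Path(root)
    backup_root = Path(backup_root) if backup_root else None
    report = {"locked": [], "notes": [], "restorable": {}, "no_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(rel.as_posix())
            elif lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                report["locked"].append(rel.as_posix())
                if backup_root is None:
                    continue
                candidate = backup_root / rel.with_name(name[: -len(LOCKED_EXT)])
                # An empty or missing backup copy cannot be used for recovery.
                if candidate.is_file() and candidate.stat().st_size > 0:
                    report["restorable"][rel.as_posix()] = str(candidate)
                else:
                    report["no_backup"].append(rel.as_posix())
    for key in ("locked", "notes", "no_backup"):
        report[key].sort()
    return report


if __name__ == "__main__":
    # Constructed sample tree, built in a temporary folder so nothing real is touched.
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.fcorp").write_bytes(b"\x00locked")
        (live / "docs" / "photo.jpg.fcorp").write_bytes(b"\x00locked")
        (live / "docs" / "READ.ME.txt").write_text("constructed note")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        print(triage(live, backup))
```

Files listed under `no_backup` are the ones that would depend on a working decryptor.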

Samples of the Fcorp Ransomware ask for only sixty dollars in Bitcoins at current rates. This price tag strongly suggests that the Fcorp Ransomware's campaign targets home users instead of the more usual corporate networks or unprotected, smaller businesses. Users should protect their data by disabling threatening features like JavaScript, avoiding unofficial and illicit downloads, installing security patches and using strong passwords.

Appropriate anti-malware products should delete the Fcorp Ransomware quickly, since it includes no additional obfuscation or other technical disguises. While users should always disinfect their PCs through proper security software, they should also note that doing so doesn't help with the encryption of data, which only a specialized decryptor can reverse.

The Fcorp Ransomware, which might be a backhanded reference to the Mr. Robot hacking show, also shows a fair degree of care about who it attacks and what it can expect from them. Users who unwisely feed its ransom demands, no matter how small, can expect more Trojans like it in the coming days.
