
FDFK22 Ransomware

By GoldSparrow in Ransomware

The FDFK22 Ransomware is a ransomware threat that, according to infosec experts, can be classified as part of the Matrix Ransomware family. It deploys a combination of the AES-256 and RSA-2048 cryptographic algorithms to encrypt the infected machine's files and render them unusable. All the most popular file types are targeted - audio, video, documents, PDFs, databases, etc. Some users may first realize that their computers have been infected with the FDFK22 Ransomware when they notice that their files' normal names have been modified drastically. The FDFK22 Ransomware renames encrypted files according to a lengthy pattern: an email address is appended to the original name, followed by a 16-character string of random characters, and finally 'FDFK22' as the new extension. A text file named 'FDFK22_INFO.rtf' containing the ransom note is dropped into every folder that holds encrypted files.
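The rename pattern and the dropped note name described above are the artifacts a defender can look for on disk. The following triage script is an added example, not code from this write-up or from the threat itself; it assumes (not stated on the page) that the contact address may be wrapped in square brackets and that the fields are dot-separated, and the sample listing, address and tokens are constructed placeholders.

```python
import re
from collections import Counter

# Rename pattern from the write-up: <original name>.<e-mail>.<16 random chars>.FDFK22
# Assumption (constructed, not from the page): the e-mail may be bracketed and the
# fields are separated by dots; the regex also accepts an unbracketed address.
FDFK22_NAME_RE = re.compile(
    r"^(?P<original>.+)"                          # original file name, extension included
    r"\.\[?(?P<email>[^\s\[\]@]+@[^\s\[\]]+)\]?"  # attacker contact address
    r"\.(?P<token>[A-Za-z0-9]{16})"               # 16-character random string
    r"\.FDFK22$"                                  # appended extension
)
RANSOM_NOTE = "FDFK22_INFO.rtf"  # note dropped into every folder with encrypted files


def parse_encrypted_name(name):
    """Return (original_name, email) if `name` follows the FDFK22 rename pattern, else None."""
    m = FDFK22_NAME_RE.match(name)
    if not m:
        return None
    return m.group("original"), m.group("email")


def scan_listing(names, min_hits=3):
    """Triage one directory listing: flag it when a ransom note is present or when at
    least `min_hits` files carry the rename pattern (one odd file name alone is weak)."""
    encrypted, emails, notes = [], Counter(), 0
    for name in names:
        if name == RANSOM_NOTE:
            notes += 1
            continue
        parsed = parse_encrypted_name(name)
        if parsed:
            encrypted.append(parsed[0])   # original name, useful for restore planning
            emails[parsed[1]] += 1        # contact address, useful as an indicator
    return {
        "suspicious": notes > 0 or len(encrypted) >= min_hits,
        "ransom_notes": notes,
        "encrypted_files": encrypted,
        "contact_emails": sorted(emails),
    }


# Constructed sample listing; the address and random tokens are placeholders.
SAMPLE_LISTING = [
    "Q3-budget.xlsx.[contact@example.com].AB12CD34EF56GH78.FDFK22",
    "family.jpg.[contact@example.com].ZX98YW76VU54TS32.FDFK22",
    "FDFK22_INFO.rtf",
    "notes.txt",                                        # untouched file
    "photo.png.[contact@example.com].TOOSHORT.FDFK22",  # token too short: not matched
]

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING))
```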

In the note, the hackers provide three different email addresses, and the affected users are told to write to all of them to receive further instructions. There also is the option to send three small files for free decryption. No specific sum is mentioned, but the criminals threaten to increase the price if they decide that their time is being wasted or that the users are trying to deceive them.

Due to the ransomware's strong encryption algorithms, it may be impossible to brute-force the decryption key unless some major flaw or bug is discovered in the underlying code of the threat. That leaves the victims of the FDFK22 Ransomware with few options. Paying the criminals is not advisable: it not only encourages them to spread their illicit activities further, but there are absolutely no guarantees that the victims will actually receive the promised decryption keys.

The FDFK22 Ransom Note

As mentioned before, the ransomware encrypts all kinds of files, including audio files, documents, videos, banking data, and other productivity documents. The only thing it won't touch is important system files. The ransomware drops the following ransom note upon successful encryption:

All your files were encrypted with strong crypto algorithm AES-256 + RSA-2048.
Please be sure that your files are not broken and you can restore them today.
If you really want to restore your files please write us to the e-mails:
In subject line write your ID: –
Important! Please send your message to all of our 3 e-mail addresses. This is really important because of delivery problems of some mail services!
Important! If you haven't received a response from us within 24 hours, please try to use a different email service (Gmail, Yahoo, AOL, etc).
Important! Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.
Important! We are always in touch and ready to help you as soon as possible!
Attach up to 3 small encrypted files for free test decryption. Please note that the files you send us should not contain any valuable information. We will send you test decrypted files in our response for your confidence.
Of course you will receive all the necessary instructions how to decrypt your files!
Please note that we are professionals and just doing our job!
Please do not waste the time and do not try to deceive us – it will result only price increase!
We are always opened for dialog and ready to help you.

Please note that you should never give in to their demands and pay the ransom. It would be best if you avoided contacting them at all. The extortionists behind the ransomware want you to pay them to restore your data, which is how ransomware works in general.

The FDFK22 Ransomware can create entries in the Windows registry to achieve persistence on the computer, meaning that it starts up whenever you start Windows. It can also create and end processes in Windows, gaining control over the computer. One of the worst things that the virus does is delete the Shadow Volume Copies of data on a computer. These copies are the point-in-time snapshots Windows keeps so that files can be rolled back to earlier versions. Deleting the Shadow Volume Copies makes it more challenging, if not impossible, to restore data without an external backup.

How Did FDFK22 Get on My Computer?

The ransomware can spread through payload droppers. These payload droppers initiate an installation script for the malware. The payload files can be found on social media and through file-sharing sites, which is why people should practice caution when downloading files from the internet.

Another common source of FDFK22 is freeware on the internet. There are lots of great freeware utilities out there, but some of them are viruses in disguise. It’s best to use official download channels and trusted software as much as possible.

What to Do if You Get Infected with FDFK22

The worst thing you could do if you notice a ransomware infection is to contact the people behind the virus. There’s a good chance that they won’t provide you with the promised decryption key/tools even if you pay them. Paying them will only encourage them to continue their scam and see you lose money as well as data.

Instead, what you should do is take steps to remove the virus as soon as possible. While removing the virus won’t undo the data encryption, it will prevent future encryption. After making sure the virus is gone for good, you can get to work restoring your data. Use an external data backup to restore your missing files. If you don’t have any external backups, you may be able to use data recovery software.

How to Protect Against Ransomware Infections

Ransomware is one of the many things in life where prevention is much better than the cure. Take steps to avoid being infected in the first place. Avoid using file sharing websites and illegal downloads. Only use recognized and trusted software – and download it directly from the official source or trusted third-party websites. Ignore spam messages from unsolicited sources, no matter how genuine they may appear. Last but not least, make sure your computer has a robust security software package running to detect and eliminate viruses before they can activate.
