FileFuck Trojan
The FileFuck Trojan is an encryption ransomware Trojan. The FileFuck Trojan seems to have been created by criminals located in South Korea. While most encryption ransomware Trojans are similar fairly, there are many aspects of the FileFuck Trojan attack that are quite unique, making this threat stand out from other encryption ransomware Trojans. However, at its core, there is no difference between the tactic that the FileFuck Trojan and other similar threats attempt to carry out.
How the FileFuck Trojan will Affect Your Files
The FileFuck Trojan functions like a data wiper since the encryption methods it uses to compromise the victim's files are unbreakable completely and may make the victim's files inaccessible permanently. Examples of the data that threats like FileFuck Trojan target in these attacks include:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The FileFuck Trojan delivers messages to the victim of the attack, which will be contained in a text file named '@READ_IT@.txt' that is dropped on the infected computer's desktop and in a program window with the title 'FileFuck Warning.' The FileFuck Trojan's text ransom note contains the following message for the victim:
'All your files were fucked forever by FileFuck!
You can not recover the files. forever!
I do not know if you've backed up your files, I'm sorry if you have not backed up.
Be sure to backup in the future!
FileFuck - Your system is no longer secure.'
The FileFuck Trojan program window contains the following message:
'FileFuck warning
All your files were fucked forever by FileFuck!
[follows translations in 18 languages including versions in Korean, Japanese, French, Italian, Russian, Turkish, Indian, Polish]
you not have to look at the
monitor so seriously,
my friend. XD'
Furthermore, the FileFuck Trojan will rename all files on the infected computer's desktop, by replacing their names with the following string:
'All your files were fucked forever by FileFuck! You can not stop us, you idiot :)'
The files affected by the attack will preserve their extensions but will no longer be accessible.
Dealing with the FileFuck Trojan
The tone of the FileFuck Trojan attack makes it seem as if the FileFuck Trojan is intended as a prank since it doesn't seem like that there is a way to pay a ransom or contact the criminals to remove the FileFuck Trojan and restore the affected files. However, despite its light tone, the FileFuck Trojan carries out an effective attack that makes the victim's files inaccessible, causing a destructive effect on the victim's PC. It is important, therefore, to take precautions against this threat by having backup copies of your data.
