Security researchers have identified a new variant of ransomware that is considered a critically damaging threat. The ransomware, named Fofd, is designed to encrypt files on a targeted system, rendering them inaccessible to the user. As part of the encryption process, Fofd modifies the file names by appending the '.fofd' extension to their original names. For example, a file named '1.jpg' will be renamed to '1.jpg.fofd,' and a file named '2.png' will be renamed to '2.png.fofd.'

To inform the victim, Fofd creates a ransom note in the form of a '_readme.txt' file that includes instructions on how to pay the ransom to obtain the decryption key necessary to unlock the encrypted files. It is worth noting that Fofd is a member of the STOP/Djvu Ransomware family and may be distributed with other malware such as RedLine, Vidar, or other information stealers.

The Fofd Ransomware Renders a Wide Range of Filetypes Inaccessible

The ransomware attack involves the encryption of data on the victim's system and a demand for payment in exchange for the decryption key to recover the data. This demand is typically made through a ransom note, which contains instructions on how to communicate with the attackers and how to pay the ransom.

In this case, the ransom note provides two email addresses that victims can use to contact the cybercriminals. The ransom amount ranges from $490 to $980, depending on whether the victim contacts the threat actors before or after 72 hours.

The attackers offer free decryption of one file that does not contain valuable information to demonstrate that the decryption tool works. However, paying the ransom is a risky proposition, because the attackers seldom honor their end of the bargain by restoring the encrypted data. In addition, victims may become the target of future attacks if they are known to have paid a ransom. Therefore, experts advise against paying the ransom and instead recommend removing the ransomware from the system to prevent further data loss from additional encryption.

Vital Steps to Take Following a Ransomware Breach

If a user's device is infected with ransomware, it is crucial to act quickly to minimize the damage. The first step is to disconnect the device from the internet and all network connections to prevent the ransomware from spreading to other devices. The user should then identify the type of ransomware and determine whether it is decryptable. If it is decryptable, the user should seek assistance from reputable decryption tools or security professionals to recover their data.

If the ransomware is not decryptable, victims should still avoid paying the demanded ransom, as this does not guarantee the recovery of their data and can lead to further financial loss. Instead, it is crucial to remove the ransomware from the breached system using reputable anti-malware software to prevent any additional files from being affected.
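To support the identification step above, the following added example (not part of the original article or of any vendor tool) walks a directory tree read-only and lists files carrying the '.fofd' extension along with '_readme.txt' notes whose text matches phrases from the note quoted on this page. The function names and the sample folder are constructed for illustration.

```python
import os
import tempfile

EXT = ".fofd"              # extension appended by Fofd, per the article
NOTE_NAME = "_readme.txt"  # ransom note filename, per the article
# Phrases taken from the ransom note quoted on this page.
NOTE_MARKERS = ("purchase decrypt tool and unique key", "Your personal ID")

def is_fofd_note(path):
    """True if the file contains every marker phrase from the quoted note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536)  # notes are small; cap the read
    except OSError:
        return False
    return all(m in text for m in NOTE_MARKERS)

def triage(root):
    """Walk root without modifying it; report encrypted files and notes."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(EXT) and len(name) > len(EXT):
                # Original name is everything before the appended extension.
                report["encrypted"].append((full, name[: -len(EXT)]))
            elif name.lower() == NOTE_NAME:
                # A '_readme.txt' can be legitimate, so check its content.
                key = "notes" if is_fofd_note(full) else "unconfirmed_notes"
                report[key].append(full)
    return report

def build_sample_tree(root):
    """Constructed sample data: a fake user folder with renamed files."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Pictures/1.jpg.fofd", "Pictures/2.png.fofd", "notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, "Pictures", NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("The only method of recovering files is to purchase decrypt "
                 "tool and unique key for you.\nYour personal ID:\n")
    with open(os.path.join(root, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Project readme, unrelated to any ransomware.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in result["encrypted"]:
            print(f"encrypted: {path} (was {original})")
        print("confirmed notes:", result["notes"])
        print("unconfirmed notes:", result["unconfirmed_notes"])
```

The resulting list of original file names shows which data needs to be restored from backups, and the directories holding confirmed notes show how far the encryption reached.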

To prevent future attacks, users need to take proactive measures, such as regularly backing up their data, keeping their operating system and software up-to-date, using professional security software, and avoiding suspicious emails or links. Additionally, users should educate themselves on the latest ransomware trends and techniques used by attackers to stay informed and prepared.

The ransom note presented to the victims of the Fofd Ransomware is:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:


