Fonix Ransomware

By GoldSparrow in Ransomware

The Fonix Ransomware is one of the newest data-lockers that target unsuspecting users online. Threats like this tend to infiltrate the targets' computers and then utilize an encryption algorithm to lock all their data to extort them for money. Dealing with file-lockers like the Fonix Ransomware is a real headache. You are unlikely to recover your files even if you pay the cyber crooks the ransom fee they demand – conmen like these are not known for their honesty, so you should not cooperate with them.

Propagation and Encryption

When the Fonix Ransomware manages to compromise a targeted PC, it will scan its contents to locate the files present. Once this scan is completed, the Fonix Ransomware will begin encrypting the targeted files. The Fonix Ransomware is likely to go after images, documents, presentations, audio files, spreadsheets, archives, videos, databases and many other filetypes. Upon locking a file, the Fonix Ransomware adds a new extension to its name: '.EMAIL=[fonix@tuta.io]ID=[<VICTIM ID>].Fonix'. For example, if you named a file 'creamy-eggs.jpeg', the Fonix Ransomware will rename it to 'creamy-eggs.jpeg.EMAIL=[fonix@tuta.io]ID=[<VICTIM ID>].Fonix'. The unique victim ID assists the attackers in differentiating between the affected users.

Cybercriminals tend to use several propagation techniques to spread data-lockers like the Fonix Ransomware. Among the most common ones are bogus social media profiles and posts, malvertising campaigns, torrent trackers, fake software updates or downloads, mass spam emails and others.

The Ransom Note

The name of the Fonix Ransomware's ransom note is '# How To Decrypt Files #.hta'. In the ransom message, the attackers state that unless they get paid a certain amount in Bitcoin, the users will not be able to recover their data. They claim that unless the ransom fee is paid within two days, they will double the price. The attackers provide two email addresses for contacting them: 'fonix@tuta.io' and 'fonix@mailfence.com'. The conmen behind the Fonix Ransomware offer to decrypt one file for free, as long as its size does not exceed 2MB.
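The two file-system indicators described above (the appended extension and the ransom note name) can be turned into a read-only triage scan. The following is an added example, not code from the original article; the function names and the sample victim ID are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article: appended extension and ransom note name.
FONIX_NAME = re.compile(
    r"^(?P<original>.+)\.EMAIL=\[(?P<email>[^\]]+)\]ID=\[(?P<victim_id>[^\]]+)\]\.Fonix$",
    re.IGNORECASE,
)
RANSOM_NOTE = "# How To Decrypt Files #.hta"


def parse_fonix_name(filename):
    """Return original name, contact email and victim ID, or None if no match."""
    m = FONIX_NAME.match(filename)
    return m.groupdict() if m else None


def scan_tree(root):
    """Walk root and collect renamed files, ransom notes and victim IDs seen."""
    report = {"encrypted": [], "notes": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(path)
                continue
            hit = parse_fonix_name(name)
            if hit:
                report["encrypted"].append((path, hit["original"]))
                report["victim_ids"].add(hit["victim_id"])
    return report


def demo():
    """Build a constructed directory tree (empty files only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "photos"))
        samples = [
            "photos/creamy-eggs.jpeg.EMAIL=[fonix@tuta.io]ID=[A1B2C3D4].Fonix",  # constructed ID
            "photos/untouched.png",
            "notes.Fonix.txt",  # must not match: the pattern is anchored at the end
            RANSOM_NOTE,
        ]
        for rel in samples:
            open(os.path.join(root, rel), "w").close()
        rep = scan_tree(root)
        return len(rep["encrypted"]), len(rep["notes"]), sorted(rep["victim_ids"])
```

Pointing `scan_tree` at a user profile or file share lists the affected paths with their original names, which helps scope what has to be restored from backup.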

It is best to remove the Fonix Ransomware from your system via a reputable, up-to-date anti-virus solution.
