
Foqe Ransomware

The Foqe Ransomware is another crypto locker that infosec researchers have determined to be a variant of the STOP/DJVU Ransomware threat. As such, the Foqe Ransomware displays nearly all of the characteristics attributed to the STOP/DJVU Ransomware malware family.

First, it attempts to infiltrate the targeted computer, most commonly through phishing emails carrying poisoned attachments. If successful, the Foqe Ransomware will then proceed to 'lock' nearly all of the files stored on the system with a powerful encryption algorithm. Users will effectively lose access to all of their files, whether private or business-related. Every encrypted file will have '.foqe' appended to its original filename as a new extension. The cybercriminals behind the Foqe Ransomware leave instructions for their victims in a text file named '_readme.txt'.

According to the ransom note, victims of Foqe Ransomware are supposed to send $980 to the hackers to receive a decryptor tool. To demonstrate their ability to restore the encrypted data, a single file can be sent to be decrypted for free. The ransom amount will be slashed in half to $490 if the affected users establish contact with the criminals within the first 72 hours of the ransomware infection. For that purpose, two email addresses are provided:

  • helpmanager@mail.ch
  • restoremanager@airmail.cc

To minimize the chances of becoming a victim of ransomware threats such as the Foqe Ransomware, users should always keep their software and their anti-malware program up to date. Keeping a regularly updated backup is also an important step in mitigating the consequences of a ransomware attack.
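For incident triage, the indicators described above (the '.foqe' extension, the '_readme.txt' note and the two contact addresses) can be checked across a directory tree. The following is an added example, not code from the original page or from any vendor tool; the function names and the sample tree are constructed for illustration. It reports which directories are affected and the original names of the encrypted files, which helps scope what must be restored from backup.

```python
import os
import tempfile

# Indicators taken from this page.
ENCRYPTED_EXT = ".foqe"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("helpmanager@mail.ch", "restoremanager@airmail.cc")

def is_foqe_note(path):
    """True if the file has the note's name and cites a contact address from the page."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()  # notes are small; cap the read
    except OSError:
        return False  # unreadable file: treat as no match rather than abort the scan
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; return {directory: {"note": bool, "encrypted": [original names]}}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(
            f[: -len(ENCRYPTED_EXT)] for f in files
            if f.lower().endswith(ENCRYPTED_EXT) and len(f) > len(ENCRYPTED_EXT)
        )
        note = any(is_foqe_note(os.path.join(dirpath, f)) for f in files)
        if encrypted or note:
            report[dirpath] = {"note": note, "encrypted": encrypted}
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected directory and one clean directory."""
    hit, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("report.docx.foqe", "photo.jpg.foqe"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("ATTENTION!\nTo get this software you need write on our email:\n"
                 "helpmanager@mail.ch\n")
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Project readme, unrelated to any ransom note.\n")
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in triage(tmp).items():
            print(directory, "note" if info["note"] else "no note", info["encrypted"])
```

A file named '_readme.txt' alone is not treated as a hit, since that name is common in legitimate software; the note must also contain one of the contact addresses.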

The full text of the instructions left by the Foqe Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

hxxps://we.tl/t-NYlGSMNN9r

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your email "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our email:

helpmanager@mail.ch

Reserve email address to contact us:

restoremanager@airmail.cc

Your personal ID:'

The developers behind FOQE ransomware don’t mince their words. The ransom note explains that files are encrypted with a high-grade cipher and can no longer be accessed. The criminals also warn that attempting to decrypt or crack the encryption could cause permanent data loss.

Please understand that the criminals hope to encrypt valuable files on your computer, whether those files have financial value or emotional value. For example, if the attackers encrypted the only copy you had of wedding photos or vital company documents, you would likely pay to get them back. The hackers attempt to instill a false sense of urgency and trust by claiming the encryption can be undone.

The virus developers go so far as to offer to decrypt a few small files for free to prove their system works. The message says that victims can send one unimportant small file which they will decrypt and return. The attackers do this to get victims to believe in them and make them more likely to purchase the decryption key.

With that said, security experts always recommend against contacting hackers behind ransomware attacks. These people are unreliable. There have been several cases where people were scammed after paying the ransom demand. The people behind these attacks are only interested in making money and will take any chance they can get to extort you more.

What Does FOQE Ransomware Do to Files?

The ransomware encrypts files with RSA cryptography. The RSA cryptographic algorithm was created to secure military documents, which gives you an idea of how secure it is. One would need a unique decryption key to access any part of the data. In the case of ransomware, only the attackers have access to this decryption key. Unfortunately, victims have no way to restore affected files by themselves without that key.

It may still be possible to decrypt the data without outside help. One case where this is possible is if the cipher is flawed and the ransomware has bugs to be exploited. It may also be possible to find the decryption key in your computer memory, but the chances of that are slim to nil. The best solution is to remove the virus and use a data backup to get your files back.

How Does FOQE Ransomware Spread?

Cybercriminals have several methods at their disposal to spread malware and ransomware. The idea behind the different methods is generally the same, however: they all exploit a lack of awareness and care among users. One of the primary infection vectors for all viruses is illegal downloads. Hackers attach viruses to illegal software or distribute the ransomware under the name of popular software such as Photoshop. Every time you download something from an unofficial or unlawful source, you put your computer at risk of malware infection.

Another popular distribution method is the malspam campaign. Malspam relies on social engineering: attackers send thousands of emails at random in the hope that a small percentage of recipients are tricked. The emails use forged credentials and other methods to trick users into thinking they come from legitimate sources. The emails contain a link or attachment that readers are encouraged to open, but doing so infects the computer.

Cybercriminals certainly don’t lack for creativity when it comes to finding ways to infect computers. You should be as creative and smart as they are. Avoid using illegal downloads and interacting with spam emails. If you aren’t sure of the source, then ignore it. Don’t forget to create regular backups of your important data to protect yourself from data loss.
