FoxRansom Ransomware

The FoxRansom Ransomware is an encryption ransomware Trojan that was first observed on August 9, 2018. The FoxRansom Ransomware seems to target individual computer users rather than business network or devices. The FoxRansom Ransomware, like most threats of this type, is commonly spread using spam email attachments. The FoxRansom Ransomware is also spread using fake file downloads corrupted advertisements, and by the criminals taking advantage of poorly protected Remote Desktop Protocol connections on the victims' computers. The FoxRansom Ransomware will target computer users in Hungarian-speaking regions.

The Power of a Fox Cleverness

The FoxRansom Ransomware is capable of running both offline and online and can attack computers running 32 and 64-bit variants of the Windows operating system. The FoxRansom Ransomware carries out an effective encryption attack and is based on HiddenTear, an open source ransomware platform that has been blameworthy for countless attacks of this type since its initial release in 2015. The FoxRansom Ransomware, like most encryption ransomware Trojans, functions by taking the victim's files hostage to demand a ransom payment from the affected PC user in exchange for returned access to the affected files.

How the FoxRansom Ransomware Carries Out Its Attack

Once the FoxRansom Ransomware has encrypted the victim's files, the FoxRansom Ransomware will mark them with the file extension '.fox,' which it will add to the pre-existe file's name, making it clear which files will not longer be accessible. The FoxRansom Ransomware targets a wide variety of files, including media files, images, numerous documents types, databases and various others. The FoxRansom Ransomware targets the user-generated files mainly while avoiding the Windows system files (since it requires the victim's computer to remain functional enough to demand a ransom payment). The FoxRansom Ransomware and similar ransomware threats target the files specified below in their attack:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The FoxRansom Ransomware delivers a ransom note in a text file named 'READ_IT.TXT,' which will be delivered to the affected computer's desktop. This ransom note contains a short message which, translated from Hungarian, reads "Your machine and files have been locked by the FoxRansom virus!"

Protecting Your Data from Threats Like the FoxRansom Ransomware

The best protection against threats like the FoxRansom Ransomware is to have file backups. These backup copies of your files mean that there will be no need to interact with the criminals to attempt to restore access to your data. Instead, you can recuperate the files encrypted by the FoxRansom Ransomware attack using the backup and delete the FoxRansom Ransomware with an established security program. While these security solutions can't restore the encrypted files, they can intercept threats like the FoxRansom Ransomware before they carry out their attacks.