Fuacked Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 4 |
| First Seen: | July 18, 2017 |
| Last Seen: | March 6, 2020 |
| OS(es) Affected: | Windows |
The Fuacked Ransomware is a ransomware Trojan that mimics how legitimate ransomware Trojans operate, despite that the Fuacked Ransomware does not have the capacity to carry out a real ransomware attack. However, the Fuacked Ransomware has the potential to cause quite a bit of damage because many computer users may confuse the Fuacked Ransomware with a real encryption ransomware Trojan.
Table of Contents
Is the Fuacked Ransomware a New Version of the Fucked Ransomware?
The Fuacked Ransomware was submitted for analysis on online anti-virus platforms. These online security platforms are used by con artists to test unfinished versions of their threats to make check if they are capable of evading commonly used anti-virus technology. The Fuacked Ransomware, known as 'BBFK.exe,' was uploaded to one of these platforms and was intercepted by PC security analysts. It is clear that the Fuacked Ransomware is still under development since the Fuacked Ransomware is not yet capable of carrying out a full ransomware attack. In fact, the Fuacked Ransomware includes the following message inside its code:
'WIN32/BABBUFUACK.B - (C) YA KID K - NOT INTENDED FOR PUBLIC RELEASE!!!....// IF YOU WERE INFECTED BY THIS PROGRAM, PLEASE CONTACT ME AND TELL ME WHERE YOU RECEIVED THE FILE FROM\\....CONTACT: KASSKLOFF GMAIL.COM\\'
This message seems to indicate that the Fuacked Ransomware was not meant for public distribution, and perhaps was used as a proof of concept or as an educational ransomware project.
Although Pretending to be a Threat, the Fuacked Ransomware can’t Encrypt Your Files
The Fuacked Ransomware's attack includes a ransom note that is presented to the victim. The Fuacked Ransomware in its finished form, if intended for public distribution, would probably be distributed by corrupted spam email attachments and links, which would use deception to convince the victim to download and install the Fuacked Ransomware. In its attack, the Fuacked Ransomware generates five different pop-up messages on the victim's computer. To do this, the Fuacked Ransomware uses the Windows Command Line. Many of these pop-up messages include the text 'WAHHH!!!! YOU HAVE BEEN ___FUACKED___!!' The main window that has been associated with the Fuacked Ransomware attack is wider and has a white text overlaid on a black background. The Fuacked Ransomware ransom note text reads as follows:
'FUACKED
YES! You have been FUACKED!! WAHHH!!!
Not all is lost! Your original files have been backed up and securely encrypted, to retrieve your data you must acquire the decrypted version of your personal data decryption key
!!!WARNING!!! SUPPLYING AN INVALID KEY WILL RESULT IN PERMANENT LOSS OF DATA
Enter the location of the KEY_DECRYPTED file:
> [HERE YOU TYPE THE LOCATION OF THE DECRYPTION KEY]'
PC security researchers have grounds to suspect that there are parallels between how the Fuacked Ransomware works and Petya a well-known ransomware Trojan. It seems that the Fuacked Ransomware is still under development inspired by Petya, and updated versions of the Fuacked Ransomware may appear in later versions. Apart from the Fuacked Ransomware itself, there seem to be no contact details apart from the Gmail address that is included in the Fuacked Ransomware's message. Google will probably take down this email address due to its association with threat attacks.
Protecting Your Computer from the Fuacked Ransomware
Since the Fuacked Ransomware does not encrypt its victims' files, there is no real danger of infection associated with the Fuacked Ransomware. However, these ransomware Trojans, when fully functional, can be extremely threatening. Because of this, it is a recommended measure to take steps to protect your computer from these attacks. Malware analysts advise using a reliable security program coupled with file backups to ensure that the compromised files can be recovered after an infection. The combination of file backups with security software will be enough to protect computer users from most of these attacks, including fully functional encryption ransomware Trojans and unfinished ones like the Fuacked Ransomware.
