'.FUCK File Extension' Ransomware
The '.FUCK File Extension' Ransomware is a ransomware Trojan that belongs to a family of ransomware that has been active since July 2017. The '.FUCK File Extension' Ransomware is a variant of OXAR, a ransomware threat that first appeared around that time. The '.FUCK File Extension' Ransomware seemed to be very similar to other variants in this family and was first reported in early April 2018. The '.FUCK File Extension' Ransomware is very similar to most other encryption ransomware Trojans since it uses strong encryption algorithms to make the victim's files inaccessible. The '.FUCK File Extension' Ransomware also uses other tactics associated with other ransomware Trojans, such as deleting the Shadow Volume copies of the enciphered files and obfuscating its code to prevent reverse engineering by PC security analysts.
The '.FUCK File Extension' Ransomware will Render Useless Multiple File Types
The '.FUCK File Extension' Ransomware main target will be the user-generated files. Samples of the file types that the '.FUCK File Extension' Ransomware will target in its attack include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The '.FUCK File Extension' Ransomware will identify the files encrypted in the attack by adding the file extension '.FUCK' to their names as its name indicates.
The '.FUCK File Extension' Ransomware's Ransom Note
The '.FUCK File Extension' Ransomware drops a ransom note onto the victim's computer. This ransom note will be delivered in the form of a text file named '1 What happens with my files.txt' that will appear on the victim's computer's desktop. The '.FUCK File Extension' Ransomware's ransom note contains the following text:
'What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
But if you want to decrypt all your files, you need to pay.
How Do I Pay?
Payment is accepted in Bitcoin only.
Please check the current price of Bitcoin and buy some bitcoins.
And send the correct amount to the address specified in this window.
We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!
Once the payment is sent, send us an e-mail to the specified address specifying your "Client ID", you will be sent your decryption key in return.
How to buy Bitcoins?
Step 1 : Create a portfolio on the Blockchain website at the address : h[tt]ps://blockchain[.]info/fr/wallet/#/signup
Step 2 : Sign in to your account you just created and purchase the amount shown : h[tt]ps://blockchain[.]info/wallet/#/buy-sell
Step 3 : Send the amount to the indicated Bitcoin address, once this is done send us an email with your "Client ID" you can retreive this in the file "instruction.txt" or "Whats Appens With My File.s.txt" in order to ask us the key of decryption of your data.
Contact us at : spaghetih@protonmail[.]com
Send 20$ to Bitcoin at [STRING OF 34 CHARACTERS] if you want decrypt your files !
Your Client ID is : [RANDOM CHARACTERS]'
PC security researchers are completely against computer users following the instructions in the '.FUCK File Extension' Ransomware ransom note or accepting to pay its ransom. Instead, they should use file backups to restore any files compromised by the '.FUCK File Extension' Ransomware attack.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.