FuckTheSystem Ransomware
The FuckTheSystem Ransomware is a Trojan that was reported by PC security researchers in the second week of May 2017. Samples of the Trojan have been found running on infected devices as 'Crypto.exe'. Initial threat analysis revealed that the FuckTheSystem Ransomware is installed on machines via macro-enabled documents, which are delivered to users in spam emails. The program behaves as an encryption Trojan that uses cryptographic algorithms to encipher the content of the files on the system and hold them hostage until the user pays a ransom for the decryption key. The FuckTheSystem Ransomware does not have connections to projects like Cerber 6 and Ranion, which are offered as Ransomware-as-a-Service on the Internet. The FuckTheSystem Ransomware appears to be the product of an independent team of threat programmers who aim the Trojan at regular PC users and office workers in small businesses. Further investigation into cases that involve the Trojan showed that it is a customized version of the Cry128 Ransomware, which some refer to as the Stupid Ransomware.
The authors of the FuckTheSystem Ransomware incorporated the AES and RSA ciphers into their Trojan and use them for the data encryption. The threat is designed to scan the compromised machine and recognize targeted data containers on the local disks, memory cards and network shares. The Trojan creates an index file where the addresses of targeted objects are recorded and used as a reference during the encryption process. Affected users can find the '.anon' extension appended to the original file extension of locked data. For example, 'Yellow meadow ant.pptx' is renamed to 'Yellow meadow ant.pptx.anon'. A careful code analysis revealed that the FuckTheSystem Ransomware aims to prevent access to data in the following formats:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Unfortunately, there is no viable way to recover the data without using the proper decryption tool and unlock key. The Trojan includes the decryption module, which is presented as a program window titled 'Decrypt,' but it does not contain payment instructions. Computer security analysts suspect the FuckTheSystem Ransomware is still under development and the programmers forgot to list contact details and their wallet address. Fortunately, an unlock password was found hard-coded into many samples of the FuckTheSystem Ransomware, and you may want to type 'hexobon' (without the quotation marks) in the 'Decrypt' window. You might succeed in tricking the FuckTheSystem Trojan into deciphering your data without contacting the cyber extortionists. The best defense against crypto-threats remains backup images and archives that are stored on a removable data storage unit, which you do not have mapped on your system. AV vendors may refer to objects linked to the FuckTheSystem Ransomware as:
- Artemis!F38A83F056F3
- MSIL.Trojan-Ransom.FTSCoder.A
- Ransom_STUPFTS.A
- TScope.Trojan.MSIL
- Trojan ( 00500fdf1 )
- Trojan.Generic.D4BEFEA
- Trojan.GenericKD.4976618
- Trojan.Win32.Z.Filecoder.77824.A[h]
- Win32.Trojan.Gen.Ecjy
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | f38a83f056f32a4cb46330f3d5677402 | 0 |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
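
The '.anon' renaming and the sample MD5 listed above can be turned into a quick triage sweep of a disk or network share. The script below is an added example, not code from the original write-up or from any vendor tool; the function names, the shortened extension set and the constructed test tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Indicators taken from the write-up above.
LOCKED_SUFFIX = ".anon"
SAMPLE_MD5 = "f38a83f056f32a4cb46330f3d5677402"
# Assumption: a short subset of the targeted formats listed above; extend as needed.
TARGETED = {".doc", ".docx", ".pptx", ".xlsx", ".pdf", ".jpg", ".txt", ".zip", ".sql"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks; MD5 is used only to match the published indicator."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root):
    """Return (locked_files, sample_matches) found under root."""
    locked, matches = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX):
                # Flag only '<name>.<targeted ext>.anon', not any stray '.anon' file.
                inner = os.path.splitext(lower[: -len(LOCKED_SUFFIX)])[1]
                if inner in TARGETED:
                    locked.append(path)
            elif lower.endswith(".exe"):
                try:
                    if md5_of(path) == SAMPLE_MD5:
                        matches.append(path)
                except OSError:
                    continue  # unreadable or locked file; skip it
    return locked, matches


def demo():
    """Run the sweep over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("Yellow meadow ant.pptx.anon", "notes.txt", "archive.anon", "tool.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed test content")
        locked, matches = sweep(root)
        return [os.path.basename(p) for p in locked], matches
```

A hit list from `sweep` shows which shares were reached and which files need restoring from backup; a hash match only identifies this one sample, so an empty `sample_matches` does not rule out other builds.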