FUSION Ransomware

FUSION Ransomware Description

The FUSION Ransomware is a crypto locker that can wreak havoc on any system it manages to infiltrate. By using uncrackable cryptographic algorithms, the FUSION Ransomware effectively 'locks' the compromised device. Users are no longer able to access or use any of their private or business-related projects. The FUSION Ransomware has also adopted a trend that is popular among more sophisticated ransomware threats: it exfiltrates a certain amount of data and threatens to leak it to the public. The FUSION Ransomware is a new variant that has been classified as part of the Nefilim Ransomware family.

When the FUSION Ransomware encrypts a file, it appends '.FUSION' to the file's original name as a new extension. In every folder with encrypted data, it also drops a text file named 'FUSION-README.txt' that contains the ransom note from the hackers.
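The two file-system markers described above ('.FUSION' and 'FUSION-README.txt') are enough to scope which folders were hit during incident response. The Python sketch below is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".FUSION"             # extension named on this page
NOTE = "FUSION-README.txt"  # ransom note file name named on this page

def scan_tree(root):
    """Map each affected directory to {'note': bool, 'encrypted': [(name, original)]}."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            if low == NOTE.lower():
                hits[dirpath]["note"] = True
            elif low.endswith(EXT.lower()) and len(name) > len(EXT):
                # The extension is appended to the original name, so stripping
                # it gives the file name to look for in backups.
                hits[dirpath]["encrypted"].append((name, name[:-len(EXT)]))
    return dict(hits)

def summarize(hits):
    """Totals for scoping, plus directories holding a note but no encrypted files."""
    return {
        "directories": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "note_only": sorted(d for d, h in hits.items()
                            if h["note"] and not h["encrypted"]),
    }

def build_sample(root):
    """Create a constructed sample tree of empty files (not real victim data)."""
    layout = {
        "finance": ["q3.xlsx.FUSION", "budget.docx.fusion", NOTE],
        "hr": [NOTE],
        "tools": ["setup.exe", "notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

Run against a read-only mount or a forensic image rather than the live volume, so the scan does not alter timestamps on the evidence.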

According to the instructions, users affected by the FUSION Ransomware are expected to initiate contact by sending a message to any of the three provided email addresses: 'williamsturm1985@tutanota.com,' 'mariebautista1990@tutanota.com,' and 'juanmanderson@protonmail.com.' If they refuse to pay the ransom, the hackers will begin posting the data exfiltrated from the compromised device to a specially crafted website hosted on the TOR network. The data will be uploaded to the site in parts. To test the hackers' ability to restore the encrypted data, victims can send up to two files to be decrypted for free. The ransom note doesn't specify the exact amount demanded by the hackers or whether the ransom has to be paid in one of the popular cryptocurrencies.

The ransom note delivered by the FUSION Ransomware states:

'Two things have happened to your company.


Gigabytes of archived files that we deemed valuable or sensitive were downloaded from your network to a secure location.

When you contact us we will tell you how much data was downloaded and can provide extensive proof of the data extraction.

You can analyze the type of the data we download on our websites.

If you do not contact us we will start leaking the data periodically in parts.


We have also encrypted files on your computers with military grade algorithms.

If you don't have extensive backups the only way to retrieve your data is with our software.

Restoration of your data with our software requires a private key which only we possess.


To confirm that our decryption software works send 2 encrypted files from random computers to us via email.

You will receive further instructions after you send us the test files.

We will make sure you retrieve your data swiftly and securely and your data that we downloaded will be securely deleted when our demands are met.

If we do not come to an agreement your data will be leaked on this website.

Website: http://corpleaks.net

TOR link: http://hxt254aygrsziejn.onion

Contact us via email:



