Threat Database Ransomware FuxSocy Ransomware

FuxSocy Ransomware

Ransomware threats are one of the most vicious malware types out there. Data-locking Trojans target regular users, as well as large corporations and even government bodies. Nobody is rulled out when it comes to ransomware threats. Recently, a new file-encrypting Trojan has been circulating the Web. It has been dubbed the FuxSocy Ransomware. It is not clear whether the FuxSocy Ransomware belongs to any of the already known ransomware families. However, its creators have made sure to make it seem like the FuxSocy Ransomware is a variant of the very infamous Cerber Ransomware.

Propagation and Encryption

Researchers have not yet estimated the exact propagation method, which was used in the spreading of this new ransomware threat. Criminals have several preferred methods to propagate threats of this type. Perhaps the most popular one is spam email campaigns. The authors of the ransomware threat would often tailor a message using a variety of social engineering techniques and then add a macro-laced attachment, which contains the threat. The end goal is convincing the user to launch the attachment and thus grant the threat access to the targeted system. When the FuxSocy Ransomware manages to compromise a host, it will scan the files present and locate the ones, which match its criteria. Usually, ransomware threats target a very long list of filetypes as this guarantees that the data-locking Trojan will do enough damage so that the victim will consider paying the ransom fee. Once all the files of interest are located, the FuxSocy Ransomware will begin the encryption process. When the FuxSocy Ransomware encrypts a file, it will also encode the file name. In addition to this, the FuxSocy Ransomware appends an extension, which consists of a random combination of characters. The result is that by the end of the encryption process, your files will be unrecognizable. Encoding the file names in this manner is a trademark of the notorious Cerber Ransomware, which the FuxSocy Ransomware is attempting to imitate.

The Ransom Note

The FuxSocy Ransomware drops a ransom note on the victim's desktop. The note is named ‘_R_E_A_D___T_H_I_S_.txt.’ The FuxSocy Ransomware also changes the background of the user with an image containing a ransom message. The image is styled to look like the one used in the Cerber Ransomware campaigns. Most authors of ransomware prefer to communicate with their victims via email, but the creators of the FuxSocy Ransomware demand to be contacted via the ToxChat messaging application. The attackers have made sure to include instructions on how to create an account in the ToxChat application and how to get in touch with them. There is no mention of a specific sum that will be required from the victim.

There is no free decryption tool released publicly for the moment. However, we would advise you against paying for the decryption key, which the authors of the FuxSocy Ransomware are promising. You, probably will get anything at all in return for your cash. Authors of ransomware oftentimes tend to ignore their victims completely once they get their hands on the cash. Downloading and installing a legitimate anti-malware solution, you ca be aided with removing the FuxSocy Ransomware from your system safely.


Most Viewed