PC-FunHACKED! Ransomware
The PC-FunHACKED! Ransomware is a file encryptor Trojan that was first observed on January 21, 2019. The PC-FunHACKED! Ransomware belongs to the Jigsaw family of ransomware threats, which contains numerous variants. The PC-FunHACKED! Ransomware carries out a typical version of these attacks, taking the victim's files hostage by enciphering them and then asks for a ransom payment to return access to the compromised data.
Where is the Fun?
The PC-FunHACKED! Ransomware is most commonly delivered to victims through corrupted spam email attachments. Once installed, the PC-FunHACKED! Ransomware uses AES encryption to make the victim's files unusable. The PC-FunHACKED! Ransomware will mark all the files it encrypts with the file extension '.PC-FunHACKED!-Hello' added to each compromised file's name. The PC-FunHACKED! Ransomware delivers its ransom note, demanding a ransom payment from the victim, using an HTA file dropped on the infected computer. The following are examples of the files that the PC-FunHACKED! Ransomware targets in its attack:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
After the victim's files have been damaged, the PC-FunHACKED! Ransomware displays a program window named 'Form 1' and a text file named 'Address.txt' with a Bitcoin wallet address. The message displayed by the PC-FunHACKED! Ransomware on the victim's computer reads:
'I want to play a game with you. Let me explain the rules:
Your personal files are being deleted. Your photos, videos, documents, etc...
But don't worry! It will only happen if you don't comply.
However, I've already encrypted your personal files, so you cannot access them.
Every hour I select some of them to delete permanently,
therefore I won't be able to access them, either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose a few files,
the second day a few hundreds, the third day a few thousand, and so on.
If you turn off your computer or try to close me, when I start next time
you will get 1000 files deleted as a punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.
Now, let's start and enjoy our little game together!
Please, send at least $100 worth of Bitcoin here:
[Bitcoin address]'
Protecting Your Data from the PC-FunHACKED! Ransomware
The best protection from the PC-FunHACKED! Ransomware is the backup copies that you make of your data. Having file backups ensures that data compromised by the PC-FunHACKED! Ransomware attack can be restored. However, paying the PC-FunHACKED! Ransomware ransom or contacting the criminals responsible for this attack is not a recommended action.
