SoFucked Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: September 13, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The SoFucked Ransomware is an encryption ransomware Trojan. These threats are designed to take over a computer, encrypt the victim's files using a strong encryption algorithm (essentially making the victim's files unusable) and then demand the payment of a ransom in exchange for the decryption key necessary to restore the affected files. Ransomware Trojans like the SoFucked Ransomware are becoming increasingly common, which is why computer users must take preemptive steps to protect their data from these attacks. Malware researchers advise computer users to establish strong security protocols and keep backups of all files on an external device.

The SoFucked Ransomware Deletes the Shadow Volume Copies Made by Windows

The main purpose of the SoFucked Ransomware is to prevent computer users from accessing their data by encrypting it with a strong encryption method. Unfortunately for computer users, if there are no backups of that data, the name of the SoFucked Ransomware may be accurate. This is why computer users need to take preventive measures. The SoFucked Ransomware was first observed on September 12, 2017. It runs as an executable file with a randomly generated name on the victim's computer. The SoFucked Ransomware issues commands through the Windows utility 'vssadmin.exe,' which allows it to delete the Shadow Volume Copies, and it encrypts the victim's files.

How the SoFucked Ransomware Spreads and Infects a PC

The SoFucked Ransomware may spread through spam email messages that contain corrupted attachments. These attachments may take the form of Microsoft Office files with embedded scripts that, when opened, download and install the SoFucked Ransomware on the victim's computer. Once the SoFucked Ransomware enters a computer, it, like many other threats, uses a combination of RSA and AES encryption to make the victim's files inaccessible. The files encrypted by the SoFucked Ransomware will no longer be recoverable with current technology due to the strength of the encryption method used. The SoFucked Ransomware will encrypt numerous file types, targeting commonly used file types that are generated by the user. The files encrypted in a SoFucked Ransomware attack will be marked with the file extension '.fff,' which is added to the affected file's name.

The SoFucked Ransomware’s Demand of a Ransom

After encrypting the victim's files, the SoFucked Ransomware demands a ransom payment from the victim. To do this, the SoFucked Ransomware will demand that the victim contact the con artists via email. The SoFucked Ransomware's ransom note is contained in a text file named 'READTHISHIT.txt,' which it drops on the infected computer's desktop and other locations on the affected PC. The full text of the SoFucked Ransomware's ransom note reads as follows:

'ok, your files are gone, sort of. they are all encrypted,
you cannot fix them, av companies will not help you. if you really
want to get them back you need to pay for them.
email me: sofucked@freespeechmail.org'

PC security researchers advise against emailing the people responsible for the SoFucked Ransomware. It is very unlikely that these people will respond with the decryption key, and it is more probable that they will ignore the payment or demand more money from the victim.

Preventing a SoFucked Ransomware Attack

The best way to be immune to ransomware Trojans like the SoFucked Ransomware is to have file backups. Having file backups lets computer users restore their files easily, so they neither have to pay a ransom nor lose their data completely. The ability to restore the affected files easily completely nullifies the attack strategy used by the SoFucked Ransomware and other encryption ransomware Trojans, and it remains the best way to ensure that you do not fall prey to these attacks. Malware researchers also advise computer users to use a reliable security program that is fully up-to-date to prevent the SoFucked Ransomware and similar infections.

File System Details

SoFucked Ransomware may create the following file(s):

# | File Name | MD5 | Detections
1 | name.exe | 5a843982bb525573b3b65c16801cefef | 0
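
As an added example (not code from the original page or from any security product), the following Python script triages a directory tree for the indicators this page lists: the '.fff' extension, the 'READTHISHIT.txt' ransom note and the MD5 from the File System Details table. The function names and the three verdict labels are assumptions made for this example.

```python
import hashlib
import os
import sys

# Indicators taken from this page.
ENCRYPTED_EXT = ".fff"
RANSOM_NOTE = "readthishit.txt"
KNOWN_MD5 = {"5a843982bb525573b3b65c16801cefef"}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root, known_md5=KNOWN_MD5):
    """Walk root and return paths grouped as 'encrypted', 'notes', 'samples'."""
    hits = {"encrypted": [], "notes": [], "samples": []}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                hits["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower.endswith(".exe"):
                # The page says the executable name is random, so match on hash.
                try:
                    if md5_of(path) in known_md5:
                        hits["samples"].append(path)
                except OSError:
                    continue  # locked or unreadable file: skip, keep scanning
    return hits

def summarize(hits):
    """Verdict label (hypothetical scale) derived from the indicator counts."""
    if hits["samples"] or (hits["notes"] and hits["encrypted"]):
        return "likely-infected"
    if hits["notes"] or hits["encrypted"]:
        return "suspicious"
    return "clean"

if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(summarize(result), {k: len(v) for k, v in result.items()})
```

A '.fff' file on its own is only rated suspicious because other software may use that extension; the note and the hash are the stronger signals.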