Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 10
First Seen: July 22, 2019
Last Seen: February 18, 2022
OS(es) Affected: Windows

The Zero-Fucks Ransomware is a data-locking Trojan that was recently spotted by cybersecurity researchers. Unlike most ransomware threats nowadays, which tend to be based almost entirely on already existing file-encrypting Trojans, the Zero-Fucks Ransomware appears to be an original project.

Infiltration and Encryption

Malware experts were not able to determine with full certainty what infection vectors may be at play in the spreading of the Zero-Fucks Ransomware. Some believe that the authors of the Zero-Fucks Ransomware have likely opted to use the most common and widely spread techniques in propagating their creation – emails containing macro-laced attachments, fraudulent application updates, and corrupted software downloaded from unofficial sources.

The Zero-Fucks Ransomware begins scanning the system as soon as it infiltrates it. The scan locates all the files that this threat is going to encrypt. Then, the encryption process begins. The Zero-Fucks Ransomware employs an encryption algorithm to lock files and alters their names by adding a new extension – ‘.zerofucks.’ This means that a file originally called ‘fuzzy-duck.jpg’ will have its name changed to ‘fuzzy-duck.jpg.zerofucks’ after undergoing the encryption process of the Zero-Fucks Ransomware.

The Ransom Note

When the Zero-Fucks Ransomware locks all the targeted files, it proceeds to drop a ransom note. The note’s name is ‘Bitcoin_Address.txt’ and reads:

‘All your files are locked!
All your important files have been encrypted.
If you want your files back, you need to pay €400 in Bitcoins.
After the payment is received, we will give you access to unlock your files.
Click on the Payment button to get more info.
If you don't pay within 48 hours, the price will be doubled.
After another 24 hours, the price will be doubled again.
If you don't pay within 96 hours your files will be destroyed.
User-ID: 28NNL272XC
If you close me or shutdown your pc without paying, you won't be able to unlock your files again!
We guarantee that you will get your files back if you pay!
You can find more info about paying by clicking on the payment button.
You can create a Bitcoin wallet on site's like:
{} or {}
You can also buy Bitcoins on these websites.
There are plenty of site to buy bitcoins from.
After you've bought €400 worth of Bitcoins, send it to the address wich you can copy below.
Put your user-ID in the description of the transaction!
If we have received your payment, we will give you access to unlock your files.
Click on the Unlock button and follow the instruction there.
If you don't put your user-ID in the description of the transaction, we don't know if you have payed! (you can see your User-ID under the time left)
If you have payed, click on the Check button to see if we received your payment.
If we do, we will give you access to unlock your files.
It can take some time to decrypt all your files.
Restart your pc after the program is done with decrpyting.
After restarting your pc, you can use all your files again.’

The attackers demand €400 in Bitcoin. Bitcoin is the currency preferred by most cybercriminals as it cannot be tracked, which helps shady individuals keep their anonymity. The note states that unless the victim pays within 48 hours, the price will be doubled; after 24 more hours, the fee doubles once more. The note then threatens to destroy all data if the fee is not paid within 96 hours. The authors of the Zero-Fucks Ransomware have provided instructions on how to create a Bitcoin wallet and where to buy the cryptocurrency from.

We advise you against paying any cash to cybercriminals. Not only is there no guarantee that they will hold up their end of the bargain, but your money will go to fund their criminal activities in the future. A safer approach is to download and install a legitimate anti-spyware application and clear your system of the Zero-Fucks Ransomware. Then, you can try to retrieve some of the lost data via third-party data recovery software.
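Before cleanup or recovery, the indicators described above (the ‘.zerofucks’ extension, the ‘Bitcoin_Address.txt’ note, and the note's User-ID line and deadlines) can be used to scope the damage. The following Python script is an added example, not part of the original write-up and not code from any vendor tool; the function names are hypothetical, and it assumes the countdown starts when the note is written, which the page does not state.

```python
import os
import re
import sys
from datetime import datetime, timedelta

EXT = ".zerofucks"                 # appended extension, as named on this page
NOTE_NAME = "bitcoin_address.txt"  # ransom note name from this page, lowercased
USER_ID_RE = re.compile(r"User-ID:\s*([A-Z0-9]+)")  # format seen in the quoted note

def triage(root):
    """Walk root and collect encrypted files, ransom notes and victim User-IDs."""
    report = {"encrypted": [], "notes": [], "user_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(EXT) and len(name) > len(EXT):
                # Pair each locked file with the name it had before renaming.
                report["encrypted"].append((path, name[:-len(EXT)]))
            elif lowered == NOTE_NAME:
                report["notes"].append(path)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    report["user_ids"].update(USER_ID_RE.findall(fh.read()))
    return report

def deadlines(start):
    """Escalation points stated in the note, measured from `start`.

    Assumption: the countdown begins when the note is written; the page
    does not say what starts the clock.
    """
    return {
        "price_doubles": start + timedelta(hours=48),
        "price_doubles_again": start + timedelta(hours=48 + 24),
        "destruction_threatened": start + timedelta(hours=96),
    }

def earliest_note_time(report):
    """Oldest modification time among the notes found, or None."""
    times = [os.path.getmtime(p) for p in report["notes"]]
    return datetime.fromtimestamp(min(times)) if times else None

if __name__ == "__main__":
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(rep["encrypted"]), "encrypted files;", "User-IDs:", sorted(rep["user_ids"]))
    start = earliest_note_time(rep)
    if start:
        for label, when in deadlines(start).items():
            print(label, when.isoformat(timespec="minutes"))
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, so that file timestamps are not altered before they are recorded.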


