Zero-Fucks Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 10 |
| First Seen: | July 22, 2019 |
| Last Seen: | February 18, 2022 |
| OS(es) Affected: | Windows |
Zero-Fucks Ransomware Image
The Zero-Fucks Ransomware is a data-locking Trojan which has been recently spotted by cybersecurity researchers. Unlike most ransomware threats nowadays, which tend to be almost entirely based on already existing file-encrypting Trojans, the Zero-Fucks Ransomware appears to be an original project.
Infiltration and Encryption
Malware experts were not able to determine with fill certainty what infection vectors may be at play in the spreading of the Zero-Fucks Ransomware. Some believe that the authors of the Zero-Fucks Ransomware have likely opted to use the most common and widely spread techniques in propagating their creation – emails containing macro-laced attachments, fraudulent application updates, and corrupted software downloaded from unofficial sources. The Zero-Fucks Ransomware will begin scanning the system as soon as it infiltrates it. The scan locates all the files which this threat is going to encrypt. Then, the encryption process begins. The Zero-Fucks Ransomware employs an encryption algorithm to lock files and alters their names by adding a new extension – ‘.zerofucks.’ This means that a file originally called ‘fuzzy-duck.jpg’ will have its name changed to ‘fuzzy-duck.jpg.zerofucks’ after undergoing the encryption process of the Zero-Fucks Ransomware.
The Ransom Note
When the Zero-Fucks Ransomware locks all the targeted files, it proceeds to drop a ransom note. The note’s name is ‘Bitcoin_Address.txt’ and reads:
’All your files are locked!
[Unlock]
All your important files have been encrypted.
If you want your files back, you need to pay €400 in Bitcoins.
After the payment is received, we will give you access to unlock your files.
Click on the Payment button to get more info.
If you don't pay within 48 hours, the price will be doubled.
After another 24 hours, the price will be doubled again.
If you don't pay within 96 hours your files will be destroyed.
---
User-ID: 28NNL272XC
Important
Payment
--
If you close me or shutdown your pc without paying, you won't be able to unlock your files again!
We guarantee that you will get your files back if you pay!
You can find more info about paying by clicking on the payment button.
---
You can create a Bitcoin wallet on site's like:
{www.blockchain.com} or {www.coinbase.com}
You can also buy Bitcoins on these websites.
There are plenty of site to buy bitcoins from.
After you've bought €400 worth of Bitcoins, send it to the address wich you can copy below.
Put your user-ID in the description of the transaction!
If we have received your payment, we will give you access to unlock your files.
Click on the Unlock button and follow the instruction there.
If you don't put your user-ID in the description of the transaction, we don't know if you have payed! (you can see your User-ID under the time left)
---
If you have payed, click on the Check button to see if we received your payment.
If we do, we will give you access to unlock your files.
It can take some time to decrypt all your files.
Restart your pc after the program is done with decrpyting.
After restarting your pc, you can use all your files again.’
The attackers demand €400 in Bitcoin. Bitcoin is the preferred currency by most cybercriminals as it cannot be tracked, which helps shady individuals keep their anonymity. The note states that unless the victim pays within 48 hours the price will be doubled, then after 24 more hours, the fee doubles once more, and then threatens to destroy all data if the fee is not paid within 96 hours. The authors of the Zero-Fucks Ransomware have provided instructions on how to create a Bitcoin wallet and where to buy the cryptocurrency from.
We advise you against paying any cash to cybercriminals. Not only is there no guarantee that they will hold up their end of the bargain, but your money will go to fund their criminal activities in the future. A safer approach is to download and install a legitimate anti-spyware application and clear your system of the Zero-Fucks Ransomware. Then, you can try to retrieve some of the lost data via third-party data recovery software.
