Written by Anthony Carballo
on October 29, 2019

Researchers from MalwareHunterTeam have spotted a new ransomware variant called FuxSocy, which imitates the well-known Cerber ransomware. It encrypts the data on the computer, renames each file and gives it a random extension, then demands a ransom for decryption.

Once encryption is complete, the victim's desktop wallpaper is changed and a text file with a random name, containing the ransom note, is dropped into every affected folder.

Decryption requires both the decryption software and the attackers' private key. The note tells the victim to open any encrypted folder and look for a specific text file with detailed instructions on how to decrypt the data. We strongly advise against paying if you get infected: free alternatives exist, some of them backed by law-enforcement initiatives, and paying the ransom finances criminal activity.

TTPs

FuxSocy's preferred infection method is the same as Cerber's: phishing, typically an e-mail that tricks the recipient into downloading an attachment that carries the malicious payload.

Once the victim is convinced that the attachment is an important document and downloads and runs it, the FuxSocy infection begins.

When FuxSocy infects a PC, it performs the following activities:

  1. Drops its malicious payload in %AppData%, %Local%, %LocalLow% and other directories
  2. Creates entries under several registry sub-keys, including the Run and RunOnce keys, and attempts to gain administrator rights by escalating privileges.

FuxSocy then encrypts your files using what appears to be a combination of two ciphers, RSA and AES. In the usual hybrid scheme the files themselves are encrypted with AES and the AES key is in turn encrypted with the attackers' RSA public key, which is why the private key mentioned in the ransom note is needed to recover anything. The ransomware scans for files to encrypt such as:

  • Documents
  • Files
  • Pictures
  • Music
  • Archives
  • Videos

Finally, the ransomware sets a wallpaper telling you what has happened and what to do.
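The two behaviours described above, persistence through a Run/RunOnce key that points into a user-writable AppData directory and a single process rewriting many files with random extensions, are exactly what a blue team would hunt for in endpoint telemetry. The script below is an added example, not code from the original post or from any vendor: it runs two such rules over constructed, Sysmon-style event records (event ID 13 for a registry value set, event ID 11 for a file create). All paths, the process name `invoice_2019.exe`, the registry value `wf2kx` and the threshold of five files are invented for illustration, and the allow-list of common extensions is illustrative rather than exhaustive.

```python
"""Hunt for FuxSocy/Cerber-style behaviour in Sysmon-like events (added example)."""
import re
from collections import defaultdict

# Drop locations the post names, as they appear in expanded Windows paths.
# Assumption: a default profile layout such as C:\Users\<name>\AppData\...
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\appdata\\locallow\\")
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)

# A "random" extension: short alphanumeric and not a common file type.
# The allow-list is illustrative; a real deployment would use a longer one.
COMMON_EXT = {"txt", "docx", "xlsx", "pdf", "jpg", "png", "mp3", "mp4",
              "zip", "exe", "dll", "tmp", "lnk"}
RANDOM_EXT = re.compile(r"^[a-z0-9]{4,10}$")
MASS_RENAME_THRESHOLD = 5  # hypothetical tuning value


def ext_of(path):
    """Lower-cased extension of a Windows path, '' if it has none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def rule_run_key_to_user_dir(events):
    """Sysmon 13: a Run/RunOnce value whose data points into AppData."""
    hits = []
    for ev in events:
        if ev["id"] != 13 or not RUN_KEY.search(ev["target"]):
            continue
        data = ev.get("details", "").lower()
        if any(seg in data for seg in USER_WRITABLE):
            hits.append(("run_key_to_user_dir", ev["image"], ev["target"]))
    return hits


def rule_mass_random_extension(events):
    """Sysmon 11: one process creating many files with random-looking extensions."""
    per_image = defaultdict(list)
    for ev in events:
        if ev["id"] != 11:
            continue
        ext = ev_ext = ext_of(ev["target"])
        if ext and ext not in COMMON_EXT and RANDOM_EXT.match(ev_ext):
            per_image[ev["image"]].append(ev["target"])
    return [("mass_random_extension", image, f"{len(paths)} files")
            for image, paths in per_image.items()
            if len(paths) >= MASS_RENAME_THRESHOLD]


def hunt(events):
    """Run every rule and return the combined findings."""
    return rule_run_key_to_user_dir(events) + rule_mass_random_extension(events)


# Constructed sample telemetry (not real logs). One malicious process drops a
# payload into AppData\Roaming, registers it under HKU\...\Run, then rewrites
# six documents with random extensions and drops a note; a legitimate updater
# and Word are included so the rules have benign noise to ignore.
MALWARE = r"C:\Users\ana\AppData\Local\Temp\invoice_2019.exe"
DOCS = "C:\\Users\\ana\\Documents\\"
SAMPLE_EVENTS = [
    {"id": 11, "image": MALWARE,
     "target": r"C:\Users\ana\AppData\Roaming\wf2kx\wf2kx.exe"},
    {"id": 13, "image": MALWARE,
     "target": r"HKU\S-1-5-21-1001\Software\Microsoft\Windows\CurrentVersion\Run\wf2kx",
     "details": r"C:\Users\ana\AppData\Roaming\wf2kx\wf2kx.exe"},
    {"id": 13, "image": r"C:\Program Files\Vendor\updater.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdate",
     "details": r"C:\Program Files\Vendor\updater.exe"},
    {"id": 11, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "target": DOCS + "~$report.docx"},
] + [
    {"id": 11, "image": MALWARE, "target": DOCS + f"{name}.{ext}"}
    for name, ext in (("budget", "k7x2q"), ("report", "m0pz9"), ("cv", "w4tr8"),
                      ("photo1", "b5n3c"), ("photo2", "x9q1v"), ("thesis", "d7l2h"))
] + [
    {"id": 11, "image": MALWARE, "target": DOCS + "_R3ADM3_.txt"},
]

if __name__ == "__main__":
    for rule, image, evidence in hunt(SAMPLE_EVENTS):
        print(f"[{rule}] {image}: {evidence}")
```

The persistence rule deliberately keys on where the Run value points rather than on the value name, because the name is random in this family; the legitimate updater registers a Run key too but from Program Files, so it is not flagged. The mass-rename rule needs the extension allow-list because a four-letter legitimate extension such as `docx` would otherwise look "random".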

Conclusions

Awareness is the best way to reduce the likelihood of infection. We cannot control everything, though, so a good strategy is to keep a restore point on the computer and at least one backup on an external device. Bear in mind that restore points and shadow copies live on the same disk as the data, and ransomware families commonly delete them before encrypting, so they are not a substitute for an offline backup.

Ransomware encrypts your files with an encryption algorithm that is, in practice, infeasible to break without the key. There are alternatives that can help you recover your data; remember that paying is not a good idea and does not guarantee that you will get your data back.

Advice

As stated above, we strongly recommend not paying any ransom; nomoreransom.org lists free decryption tools that may help you recover your data.

It is wise to keep at least one backup outside the computer: a mirrored (RAID) disk is not a backup, because the mirror faithfully copies the encrypted files too. The same applies to an external drive that stays plugged in, which the ransomware will encrypt along with everything else, so disconnect it after each backup. Multiple backups are better still, since an external device can fail; cloud backups with file versioning are another efficient option.

TTPs: Tactics, techniques and procedures
