Threat Report – FuxSocy Ransomware

November 1, 2019 | Views: 1411

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

This blog is by Knogin blog. Reposted with permission.


Researchers from MalwareHunterTeam have spotted a new variant of ransomware called FuxSocy; this malware impersonates the known Cerber ransomware. It operates by encrypting the data you have on the computer, changes the file, and its extension to a random one; then, it demands a ransom for its decryption.

After this process is complete, the victim’s desktop wallpaper is changed. Additionally, a text file tilted with a random name, which contains the ransom note, is dropped into every affected folder.

To decrypt it, you would need a decryption software and private key; the note states that to do so, you need to open any of the encrypted folders and then find a specific text file. This file contains detailed instructions on how to decrypt the data. However, we highly advise not to pay if you get infected, some alternatives are free and supported by the government, if you pay for the ransom, in some way you are financing illicit acts.



The preferred method used to infect computers with the FuxSocy is the same in the case of Cerber ransomware, using the phishing method, an e-mail that tricks you into downloading an attachment that has the malicious payload.

Once the victim is tricked that the attachment is some crucial document, the user downloads and runs it, the infection with FuxSocy begins.

When FuxSocy infects your PC, the first thing will do is perform the following activities:

Drop its virus files in the %AppData%, %Local%, %LocalLow% and other directories create registry entries in multiple different registry sub-keys, such as Run and RunOnce keys, get rights as an administrator.

Then, the FuxSocy begins to encrypt your files using what appears to be a combination of two ciphers – RSA and AES. The virus scans to encrypt files such as:

  • Documents
  • Files
  • Pictures
  • Music
  • Archives
  • Videos

Then, the ransomware sets a wallpaper telling you what has happened and what to do.



Being aware is the best way to prevent bad things can happen. However, we cannot always have control of everything, but what we can do is having a restoration point in the computer and also having at least one backup in an external device.

Ransomware infections aim to encrypt your files using an encryption algorithm, which may be very difficult to decrypt. There are alternatives which can be very helpful to recover your data, remember that paying is not a good idea, and does not warranties that you are getting your files back.



As stated above, we sincerely recommend not paying any ransomware; you can go to and get help from them; they list tools that can help you to recover your data.

It is wise to have a minimum of 1 backup outside the computer (if you have a disk in a mirror, the chances are that the mirrored disk gets encrypted too). If you have multiple backups, it’s going to be better as if an external device gets broken; you always can have your data, cloud backups are also an efficient way to have your backup.

TTPs: Tactics, techniques and procedures


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?