By: Solene Gabellec
November 1, 2019
Threat Report - FuxSocy Ransomware

This blog is by Knogin blog. Reposted with permission.
Summary
Researchers from MalwareHunterTeam have spotted a new variant of ransomware called FuxSocy, which impersonates the known Cerber ransomware. It operates by encrypting the data on the computer and changing the file and its extension to a random one; it then demands a ransom for decryption.

After this process is complete, the victim's desktop wallpaper is changed. Additionally, a text file titled with a random name, which contains the ransom note, is dropped into every affected folder.

To decrypt the data, you would need decryption software and a private key; the note states that to do so, you need to open any of the encrypted folders and find a specific text file. This file contains detailed instructions on how to decrypt the data. However, we highly advise against paying if you get infected: some alternatives are free and supported by the government, and if you pay the ransom, you are in some way financing illicit acts.

TTPs
The preferred method used to infect computers with FuxSocy is the same as in the case of Cerber ransomware: phishing, an e-mail that tricks you into downloading an attachment that carries the malicious payload.

Once the victim is tricked into believing the attachment is some crucial document and downloads and runs it, the infection with FuxSocy begins.

When FuxSocy infects your PC, the first thing it will do is perform the following activities:
- Drop its virus files in the %AppData%, %Local%, %LocalLow% and other directories
- Create registry entries in multiple different registry sub-keys, such as Run and RunOnce keys
- Get rights as an administrator

Then, FuxSocy begins to encrypt your files using what appears to be a combination of two ciphers: RSA and AES. The virus scans for files to encrypt, such as:
- Documents
- Files
- Pictures
- Music
- Archives
- Videos
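
The persistence steps listed above (files dropped under %AppData%, %Local% and %LocalLow%, plus entries in Run and RunOnce keys) can be checked for during triage. The following is an added example, not code from the original report: it parses `reg query` output and flags Run/RunOnce values that launch from those directories. The sample output, the value names, the `baseline` parameter and the reading of %Local%/%LocalLow% as `AppData\Local` and `AppData\LocalLow` are assumptions.

```python
import re

# Directories named in the report. %Local% / %LocalLow% are read here as
# AppData\Local and AppData\LocalLow (assumption); unexpanded %APPDATA% and
# %LOCALAPPDATA% in REG_EXPAND_SZ values are matched as well.
SUSPECT = re.compile(r"\\appdata\\(roaming|local|locallow)\\|%(appdata|localappdata)%", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(\S.*?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def flag_autoruns(reg_query_output, baseline=frozenset()):
    """Return (key, value_name, command) for Run/RunOnce values that start a
    program from a per-user AppData directory and are not in the baseline."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):          # key header line
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not RUN_KEY.search(key):
            continue                          # not a value under Run/RunOnce
        name, _type, command = m.groups()
        if SUSPECT.search(command) and (name, command) not in baseline:
            hits.append((key, name, command))
    return hits

# Constructed sample of `reg query` output (not taken from a real infection).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    qzkvbw    REG_SZ    C:\Users\alice\AppData\Roaming\qzkvbw.exe
    Updater    REG_EXPAND_SZ    %ProgramFiles%\Vendor\updater.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    x91    REG_SZ    "C:\Users\alice\AppData\LocalLow\x91.exe"

HKEY_CURRENT_USER\Software\Vendor\Settings
    Cache    REG_SZ    C:\Users\alice\AppData\Local\Vendor\cache
"""

if __name__ == "__main__":
    for key, name, command in flag_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {command}")
```

Legitimate software also starts from `AppData`, so hits are review candidates; passing a set of known-good `(name, command)` pairs as `baseline` suppresses them.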