A new ransomware virus has just been spotted. Experts have dubbed it FSociety, after the infamous hacking group FSociety from the Mr. Robot series, since it uses the same logo.
Recovery of the files encrypted by the FSociety virus is not possible yet, but we strongly urge you not to pay the ransom to the cyber crooks. Instead, read further to see how you can remove it from your system.
FSociety Is a Variation of the Open Source EDA2
The most distinctive feature of FSociety is that it uses the open source code from the EDA2 ransomware that was released earlier this year. Utku Sen is the creator of that EDA2 code, and he claims he published the ransomware code for “educational purposes” at the beginning of 2016. As funny as this claim is, it is also not funny at all, as malware authors have been actively using the code to create various ransomware viruses and spread them worldwide. The thing is, the EDA2 ransomware kit contains everything a newbie cyber criminal might need in order to create a ransomware virus on their own, which is why it’s clear that there is nothing “educational” about an open source ransomware code.
How Does FSociety Work?
Well, FSociety works just like most ransomware viruses do: it enters your system via a compromised file or a malicious URL contained in a spam email. Be careful when opening any email in your inbox that looks even slightly suspicious, especially if it contains an attachment or a URL. Once the compromised file or URL is opened, the virus is downloaded onto the system and the infection begins.
FSociety scans your files first. It searches your PC for the following extensions:
.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD files .DWG .DXF GIS files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded files .HQX .MIM .U .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .L .SYS .CFG
Once detected, the files are encrypted with the strong AES (Advanced Encryption Standard) cipher, and the victim’s desktop wallpaper is changed to the FSociety logo of the hacking group from Mr. Robot. That’s how you know you have been attacked by the FSociety ransomware.
Remove FSociety Virus Immediately
As we have explained before, you must remove FSociety from your PC the moment you realize you have it. If you cannot deal with this manually and on your own, make sure you use a powerful anti-malware tool that will scan your system and remove all malicious components it detects. Only then can you try to restore any of the encrypted data.
Paying the ransom is not an option, as this way you only encourage prospective and advanced cyber criminals to continue spreading ransomware worldwide. Not to mention that you may not receive the promised decryption key, as they may decide to extort you into paying more.