A new ransomware virus has just been spotted – experts have dubbed it FSociety, after the name of the infamous hacking group FSociety from Mr. Robot series since it uses the same logo.
Recovery of all encrypted by FSociety virus files is not possible yet, but we strongly urge you to not pay the ransom to the cyber crooks. Instead, read further to see how you can remove it from your system.
FSociety Is a Variation of the Open Sourse EDA2
The most distinctive feature of FSociety is that it uses the open source code from EDA2 ransomware that was released earlier this year. Utku Sen is the creator of that EDA2 code, and he claims he’s published the ransomware code for “educational purposes” in the beginning of 2016. As much as this claim is funny, it is also not, as malware authors have been actively using the code to create various ransomware viruses and spread them worldwide. Thing is EDA2 ransomware kit contains all a newbie cyber criminal might need in order to create a ransomware virus on their own, which is why it’s clear that there is nothing “educational” about an open source ransomware code.
How Does FSociety Work?
Goed, Fsociety works just like most ransomware viruses do – it enters your system via a compromised file or a malicious URL contained in a spam email. Be cautious when opening even the slightest suspicious email in your inbox, especially if it contains an attachment or an URL. Once the compromised file or URL is opened, the virus downloads to your system and the infection begins.
Fsociety scans your files first. It searches your PC for the following extensions:
PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
Once detected, they are being encrypted by a powerful AES (Advanced Encryption Standard) cypher and the victim’s desktop wallpaper is changed to the FSecurity logo of the hacking group from Mr. Robot. En, that’s how you know you got attacked by FSecurity ransomware.
Remove FSociety Virus Immediately
As we have explained before, you must remove FSociety from your PC the moment you realize you have it. If you cannot deal with this manually and on your own, make sure you use a powerful anti-malware tool that will scan your system and remove all malicious components it detects. Only then you can try to restore any of the encrypted data.
Paying the ransom is not an option as this way you only encourage prospective and advanced cyber criminals to continue spreading ransomware worldwide. Not to mention that you may not receive the promised decryption key as they may decide to racketeer you to pay more.