.fff Files Virus - How to Remove and Restore Data

This article aims to show you instructions on how to remove the SoFucked ransomware, and how to restore files that have been encrypted with the .fff file extension added.

A new ransomware threat has appeared that encrypts files on the computers it infects and then appends the .fff file extension to them. The virus aims to perform multiple modifications on the user's computer, including dropping its ransom note, named READTHISHIT.txt, and changing the wallpaper to the same message as in the note, which asks victims to contact the e-mail [email protected]. If you have become a victim of this ransomware infection, it is advisable to read the article below and learn how to remove it from your computer and how to restore your files.

Threat Summary

Name: .fff Ransomware
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on infected computers, after which it drops a ransom note demanding payment for their decryption.
Symptoms: Files are no longer openable. The ransom note on the image above is displayed.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does .fff Files Ransomware Infect

In order to infect as many users as possible, the .fff files ransomware may be spread via malspam, a method used by more than 80% of the ransomware viruses these days. The spammed messages may include either malicious e-mail attachments or links to an external site from which the victim is supposed to download the malicious file. The e-mails are written to deceive the victim into opening the malicious e-mail attachment, claiming it is a receipt, invoice or any other important document.

Besides this, other methods of infection include fake installers of programs, game patches, cracks, etc., which are downloaded instead of the real ones from suspicious sites.

.fff Ransomware – Malicious Activity

The first thing done by the .fff ransomware virus is to drop its payload. To do this, the ransomware may either connect to a malicious website and then download the payload or extract it on the computer. The payload of the .fff ransomware may consist of more than one malicious file, and these files may be located in the following Windows directories:

  • %AppData%
  • %Temp%
  • %Common%
  • %Roaming%
  • %Local%
  • %LocalLow%

After having dropped those files, the .fff file virus may execute them and they may perform the following activities on your computer:

  • Delete the shadow volume copies via administrative commands in Windows Command Prompt.
  • Add registry values with the location of the encryption file in the Run and RunOnce registry sub-keys.
  • Collect system information.
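The Run and RunOnce values mentioned above can be audited for programs that start from the user-writable folders listed earlier. The following Python example is added here and is not code from the original article: it parses the text output of `reg query` for those keys and flags values whose program path sits under Roaming, Local, Temp or LocalLow. The function names, the sample output and the mapping of the article's folder placeholders to %APPDATA%, %LOCALAPPDATA%, %TEMP% and %USERPROFILE%\AppData\LocalLow are assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query` text output for the Run and RunOnce keys.
SAMPLE_REG_OUTPUT = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    updater    REG_SZ    "%APPDATA%\svc\upd.exe" -q

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    fix    REG_SZ    C:\Users\alice\AppData\LocalLow\a b\run.exe /s
'''
SAMPLE_ENV = {"USERPROFILE": r"C:\Users\alice", "APPDATA": r"C:\Users\alice\AppData\Roaming",
              "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
              "TEMP": r"C:\Users\alice\AppData\Local\Temp"}

def parse_reg_query(text):
    """Yield (key, value name, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        m = re.match(r"\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            yield key, m.group(1), m.group(3)

def target_path(command, env):
    """Program path of a command line: expand %VAR%, then drop quotes and arguments."""
    cmd = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), command.strip())
    m = re.match(r'(?i)"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)|(\S+)', cmd)
    return next(g for g in m.groups() if g) if m else cmd

def suspicious_autoruns(reg_text, env):
    """Return (key, value name, path) for values that start a program from a user-writable folder."""
    roots = [env.get("APPDATA"), env.get("LOCALAPPDATA"), env.get("TEMP")]
    if env.get("USERPROFILE"):  # LocalLow has no variable of its own (assumed location)
        roots.append(ntpath.join(env["USERPROFILE"], "AppData", "LocalLow"))
    roots = tuple(ntpath.normcase(ntpath.normpath(r)) + "\\" for r in roots if r)
    hits = []
    for key, name, data in parse_reg_query(reg_text):
        path = ntpath.normcase(ntpath.normpath(target_path(data, env)))
        if path.startswith(roots):
            hits.append((key, name, path))
    return hits

if __name__ == "__main__":
    print(*(" | ".join(h) for h in suspicious_autoruns(SAMPLE_REG_OUTPUT, SAMPLE_ENV)), sep="\n")
```

Legitimate software also autostarts from these folders, so each hit is a lead to check rather than a verdict.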

In addition to this, the .fff ransomware also changes the wallpaper of the infected computer and drops a ransom note named READTHISHIT.txt. The message on the wallpaper and the text document is the same:

“ok, your files are gone, sort of. they are all encrypted,
you cannot fix them, av companies won’t help you. if you really
want to get them back you need to pay for them

email me: [email protected]

.fff Files Virus – Encryption

To encrypt the files on your computer, this ransomware uses the AES encryption algorithm, also known as the Advanced Encryption Standard. It replaces blocks of data in the original file with their encrypted counterparts. The encryption then generates a unique decoding key, which is known only to the cyber-criminals.

The virus is very careful not to encrypt important Windows files and folders, such as:

  • System files.
  • Drivers.

Furthermore, .fff ransomware targets various documents, archives, audio files, virtual drive files, videos and many other types of files. The malware may attack files with the following file extensions:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com

After encryption, the .fff file extension is added to the files, making them look like the following:

Remove .fff Ransomware and Restore Your Encrypted Files

In order to get rid of .fff ransomware, it is strongly recommended to follow the removal instructions below. They are specifically designed to help you delete this virus either manually or automatically. Since manual removal may be tricky, which is the case with .fff ransomware, experts always advise using an advanced anti-malware program, which can fully and swiftly remove this virus and protect your computer in the future as well.

If you want to restore your files, you can try the alternative tools for file recovery we have suggested below in step “2. Restore files encrypted by .fff Ransomware”.
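Before trying any recovery tool, it helps to know which files were hit and when. The following Python example is added here and is not from the original article: it walks a folder, lists the original names of files carrying the .fff extension, records copies of READTHISHIT.txt, and reports the earliest modification time among the encrypted files, which suggests how old a backup must be to predate the encryption. The function names and the sample tree are assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".fff"         # extension the article says is appended
NOTE_NAME = "readthishit.txt"  # ransom note name from the article, lower-cased

def build_restore_manifest(root):
    """Walk root; return originals to restore, ransom notes, earliest encryption time."""
    originals, notes, earliest = [], [], None
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            lowered = name.lower()
            if lowered == NOTE_NAME:
                notes.append(rel)
            elif lowered.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                try:
                    mtime = os.stat(os.path.join(folder, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable
                # The extension is appended, so stripping it yields the original name.
                originals.append(rel[:-len(ENCRYPTED_EXT)])
                earliest = mtime if earliest is None else min(earliest, mtime)
    cutoff = None if earliest is None else datetime.fromtimestamp(earliest, timezone.utc)
    return {"originals": sorted(originals), "notes": sorted(notes),
            "backup_cutoff_utc": cutoff}

def demo():
    """Build a constructed sample tree (not real victim data) and inventory it."""
    samples = (("docs/report.docx.fff", 1_500_000_000), ("photo.jpg.fff", 1_500_000_600),
               ("docs/untouched.txt", 1_400_000_000), ("READTHISHIT.txt", 1_500_000_900))
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel, when in samples:
            path = os.path.join(root, *rel.split("/"))
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (when, when))  # set mtime to a known value
        return build_restore_manifest(root)

if __name__ == "__main__":
    result = demo()
    print("encrypted files changed from", result["backup_cutoff_utc"])
    for rel in result["originals"]:
        print("  restore:", rel)
```

Modification times can be altered, so treat the cutoff as an indication, not proof.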

Manually delete .fff Ransomware from your computer

Note! Substantial notification about the .fff Ransomware threat: Manual removal of .fff Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .fff Ransomware files and objects
2. Find malicious files created by .fff Ransomware on your PC

Automatically remove .fff Ransomware by downloading an advanced anti-malware program

1. Remove .fff Ransomware with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .fff Ransomware
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
