.fff Files Virus – How to Remove and Restore Data

This article shows how to remove the SoFucked ransomware and how to restore files that have been encrypted and had the .fff file extension added.

A new ransomware threat has appeared that encrypts files on the computers it infects and then appends the .fff file extension to them. The virus makes multiple modifications to the user's computer, including dropping its ransom note, named READTHISHIT.txt, and changing the wallpaper to the same message as in the note, which asks victims to contact the e-mail address [email protected]. If you have become a victim of this ransomware infection, it is advisable to read the article below and learn how to remove it from your computer and how to restore your files.

Threat Summary

Name: .fff Ransomware
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the computers it infects, after which it drops a ransom note demanding payment for their decryption.
Symptoms: Files are no longer openable. The ransom note on the image above is displayed.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does .fff Files Ransomware Infect

To infect as many users as possible, the .fff files ransomware may be spread via malspam, a method used by more than 80% of the ransomware viruses these days. The spammed messages may include either malicious e-mail attachments or links to an external site from which the victim is supposed to download the malicious file. The e-mails are crafted to deceive the victim into opening the malicious attachment by claiming it is a receipt, an invoice or another important document.

Besides this, other methods of infection include fake program installers, game patches, cracks, etc., that are downloaded from suspicious sites instead of the real ones.

.fff Ransomware – Malicious Activity

The first thing the .fff ransomware virus does is drop its payload. To do this, the ransomware may either connect to a malicious website and download the payload or extract it on the computer. The payload of the .fff ransomware may consist of more than one malicious file, and these files may be located in the following Windows directories:

  • %AppData%
  • %Temp%
  • %Common%
  • %Roaming%
  • %Local%
  • %LocalLow%

After having dropped those files, the .fff file virus may execute them and they may perform the following activities on your computer:

  • Delete the shadow volume copies via administrative commands in Windows Command Prompt.
  • Add registry values with the location of the encryption file in the Run and RunOnce registry sub-keys.
  • Collect system information.

In addition to this, the .fff ransomware also changes the wallpaper of the infected computer and drops a ransom note named READTHISHIT.txt. The message on the wallpaper and the text document is the same:

“ok, your files are gone, sort of. they are all encrypted,
you cannot fix them, av companies won’t help you. if you really
want to get them back you need to pay for them

email me: [email protected]
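
A read-only triage script for the indicators described above: Run/RunOnce values pointing into user-writable folders, the READTHISHIT.txt note, files with the .fff extension, and remaining shadow copies. This is an added example, not part of the original article; the mapping of the article's folder names to real profile paths and the choice to scan only the current user's profile are assumptions.

```powershell
# Added example, not from the article. Read-only triage: it lists, never deletes.
$runKeys = 'HKCU:', 'HKLM:' | ForEach-Object {
    "$_\Software\Microsoft\Windows\CurrentVersion\Run"
    "$_\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}

# User-writable folders matching the article's %AppData%, %Roaming%, %Local%,
# %LocalLow% and %Temp% entries (this mapping to real paths is an assumption).
$dropDirs = @(
    $env:APPDATA
    $env:LOCALAPPDATA
    (Join-Path $env:USERPROFILE 'AppData\LocalLow')
    $env:TEMP
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' } | Select-Object -Unique

# 1. Run/RunOnce values whose command line points into one of those folders.
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $hit = $dropDirs | Where-Object {
            $command.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        if ($hit) {
            [pscustomobject]@{ Key = $key; Value = $name; Command = $command }
        }
    }
})

# 2. Ransom note and encrypted files under the current user's profile.
$scan = @{ Path = $env:USERPROFILE; Recurse = $true; File = $true; Force = $true
           ErrorAction = 'SilentlyContinue' }
$notes = @(Get-ChildItem @scan -Filter 'READTHISHIT.txt')
# -Filter can also match longer extensions that begin with .fff, so compare exactly.
$encrypted = @(Get-ChildItem @scan -Filter '*.fff' | Where-Object Extension -eq '.fff')

# 3. Remaining shadow copies (the article says the malware deletes them).
#    Needs an elevated session to return data.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

"Autorun entries launching from user-writable folders: $($autoruns.Count)"
$autoruns | Format-List
"Ransom notes: $($notes.Count)  .fff files: $($encrypted.Count)  shadow copies: $($shadows.Count)"
$notes.FullName
```

Legitimate software also registers autoruns from %AppData%, so each listed entry is a lead to review rather than a confirmed infection.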

.fff Files Virus – Encryption

To encrypt the files on your computer, this ransomware uses the AES encryption algorithm, also known as the Advanced Encryption Standard. It replaces blocks of data from your original file with their encrypted counterparts. Then, the encryption generates a unique decryption key which is known only to the cyber-criminals.

The virus is very careful not to encrypt important Windows files and folders, such as:

  • System files.
  • Drivers.

Furthermore, .fff ransomware targets various documents, archives, audio files, virtual drive files, videos and many other types of files. The malware may attack files with the following file extensions:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source:fileinfo.com

After encryption, the .fff file extension is added to the files, making them look like the following:

Remove .fff Ransomware and Restore Your Encrypted Files

To get rid of the .fff ransomware, it is strongly recommended to follow the removal instructions below. They are specifically designed to help you delete this virus either manually or automatically. If manual removal is tricky, which is the case with the .fff ransomware, experts always advise using an advanced anti-malware program, which can fully and swiftly remove this virus and protect your computer in the future as well.

If you want to restore your files, you can try the alternative tools for file recovery we have suggested below in step “2. Restore files encrypted by .fff Ransomware”.


To remove .fff Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .fff Ransomware files and objects
2. Find files created by .fff Ransomware on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .fff Ransomware

Vencislav Krustev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
