.fucku Files Virus - How to Remove and Restore Encrypted Data

This article aims to help you by demonstrating how to remove the .fucku files ransomware virus from your computer system and how to restore the encoded files without actually having to pay the ransom to criminals.

A strange new virus, recognizable by both its payment e-mail and the .fucku file extension, has been detected. The threat is of the file-encryption type, meaning that after it infects your computer system, the virus encrypts your files, making them appear broken. The malware then adds a ransom note in which it demands $500 to be paid in BTC to the cyber-criminals behind it, who promise to then decode the files back to their working state. If you are one of the victims of the .fucku files virus, we recommend that you read the following removal article in order to learn how to remove the .fucku files ransomware and try to restore the encrypted files without having to pay the ransom.

Threat Summary

Name: .fucku Ransomware
Type: Ransomware, Cryptovirus
Short Description: A file encryption virus. Aims to make your files seem broken by locking them and asks you to pay $500 in BTC in order to unlock them.
Symptoms: Adds the .fucku file extension to the encrypted files. Shortly after this, drops a recover_your_fies.txt document containing instructions on how to pay.
Distribution Method: Spam Emails, Email Attachments, Executable files

.fucku Files Virus – Distribution Methods

In order to infect as many victims as possible, the virus uses an obfuscated file that may evade the real-time protection of some antivirus programs. The infection is performed with the aid of an infection file that is spread via multiple different methods, beginning with spam e-mails as the most often used tactic. Such e-mails often pretend that the attached file is a legitimate:

  • Invoice.
  • Receipt.
  • Banking statement.
  • Order confirmation template.

The e-mails themselves often have convincing messages embedded within them that make it seem like they are coming from large international companies such as FedEx, DHL and many others.

In addition to e-mail, the ransomware may also be spread via other types of files uploaded as legitimate ones, such as:

  • Fake torrent files.
  • System setups.
  • Game patches or cracks.
  • Software license activators, like fake KMS activators and others.

.fucku Files Virus – Malicious Activity

Upon infection, the .fucku files virus may drop files in multiple different Windows directories:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

After placing the malicious files on the victim's computer, the malware may begin its malicious activity. For starters, the .fucku files virus may create registry entries in sub-keys that allow the malware to run automatically during the Windows boot process. The registry keys usually targeted for this are the following:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
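
An audit of these autorun keys can be scripted. The following is an added example, not part of the original article: it flags Run/RunOnce values whose executable lives in one of the drop locations listed above. The sample entries, the environment values and the mapping of those locations to path fragments are constructed assumptions.

```python
import ntpath
import re

RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed environment so the example runs offline; use os.environ on a live host.
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}
# Assumed mapping of the drop locations listed above to lower-case path fragments.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                "\\appdata\\locallow\\", "\\temp\\")
# Constructed sample of autorun values: (registry key, value name, value data).
SAMPLE_ENTRIES = [
    ("HKLM\\" + RUN, "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKLM\\" + RUN, "VendorTray", r"C:\Program Files\Vendor\tray.exe"),
    ("HKCU\\" + RUN, "Updater", r'"%APPDATA%\svc host\upd.exe" /background'),
    ("HKCU\\" + RUN + "Once", "tmp", r"%TEMP%\a1b2.exe -s"),
]

def target_path(command, env=SAMPLE_ENV):
    """Return the normalised, lower-cased executable path of an autorun command."""
    expanded = re.sub(r"%(\w+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)),
                      command).strip()
    if expanded.startswith('"'):              # quoted path, arguments follow
        path = expanded[1:].split('"', 1)[0]
    else:                                     # unquoted: cut after the extension
        m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|js|vbs|wsf))(?=\s|$)",
                     expanded, re.I)
        path = m.group(1) if m else expanded.split(" ", 1)[0]
    return ntpath.normpath(path).lower()

def audit_autoruns(entries, env=SAMPLE_ENV):
    """Return (key, name, path) for entries that launch from SUSPECT_DIRS."""
    findings = []
    for key, name, command in entries:
        path = target_path(command, env)
        if any(fragment in path for fragment in SUSPECT_DIRS):
            findings.append((key, name, path))
    return findings

if __name__ == "__main__":
    for key, name, path in audit_autoruns(SAMPLE_ENTRIES):
        print(f"REVIEW {key} [{name}] -> {path}")
```

Legitimate software also starts from these directories, so each finding is a lead to verify (publisher, signature, creation time), not a verdict.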

The .fucku files ransomware may also execute Windows commands with administrative privileges. These are usually used to delete the shadow volume copies of your OS and disable system recovery. The commands are run in the background and are as follows:

→ process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
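
These commands leave a recognizable trace in process-creation logs. The following detection sketch is an added example, not part of the original article: it matches the three commands quoted above regardless of case, spacing or quoting. The log line format and the sample records are constructed for illustration.

```python
import re

# One rule per recovery-inhibiting command quoted in the article.
RULES = {
    "shadow_copies_deleted": r"\bvssadmin(?:\.exe)? delete shadows\b",
    "recovery_disabled": r"\bbcdedit(?:\.exe)? /set \S+ recoveryenabled no\b",
    "boot_failures_ignored":
        r"\bbcdedit(?:\.exe)? /set \S+ bootstatuspolicy ignoreallfailures\b",
}

# Constructed process-creation records: "<timestamp> <host> <pid> <command line>".
SAMPLE_LOG = """\
2024-01-01T09:14:02Z WS-07 4120 cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
2024-01-01T09:15:40Z WS-07 5012 vssadmin list shadows
2024-01-01T09:16:03Z WS-09 733 VSSADMIN  Delete  Shadows /All
2024-01-01T09:17:21Z WS-09 801 bcdedit /enum
"""

def normalise(cmdline):
    """Lower-case, drop straight and typographic quotes, collapse whitespace."""
    cleaned = re.sub(r'["“”]', "", cmdline.lower())
    return re.sub(r"\s+", " ", cleaned).strip()

def match_rules(cmdline):
    """Return the sorted names of all rules the command line triggers."""
    text = normalise(cmdline)
    return sorted(name for name, pattern in RULES.items() if re.search(pattern, text))

def parse(log_text):
    """Yield (timestamp, host, pid, cmdline) from the constructed log format."""
    for line in log_text.strip().splitlines():
        ts, host, pid, cmdline = line.split(" ", 3)
        yield ts, host, pid, cmdline

def scan(events):
    """Return one alert per event that triggers at least one rule."""
    alerts = []
    for ts, host, pid, cmdline in events:
        hits = match_rules(cmdline)
        if hits:
            alerts.append({"time": ts, "host": host, "pid": pid, "rules": hits})
    return alerts

if __name__ == "__main__":
    for alert in scan(parse(SAMPLE_LOG)):
        print(alert)
```

Read-only uses of the same tools, such as listing shadow copies or enumerating boot entries, do not trigger a rule.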

The .fucku files virus also drops a ransom note, named recover_your_fies.txt, which has the following ransom demands, written in poor Russian and English:

ALL YOUR FILES WERE COMPLETED.
ORDER, TO RESTORE THIS FILE, YOU MUST SEND $ 500 BTC AT THIS ADDRESS
1JvV3dvGmP6HTxQ6Ea1hoEutkFbJeahFiZ
AFTER PAYMENT SENT EMAIL [email protected]
FOR INSTALLATION FOR DECRIPT

ВСЕ ВАШИ ФАЙЛЫ БЫЛИ ЗАВЕРШЕНЫ.
ЗАКАЗАТЬ, ЧТОБЫ ВОССТАНОВИТЬ ЭТИ ФАЙЛ, ВЫ ДОЛЖНЫ ОТПРАВИТЬ $ 500 В БТД НА ЭТОТ АДРЕС
1JvV3dvGmP6HTxQ6Ea1hoEutkFbJeahFiZ
ПОСЛЕ ПЛАТЕЖА ОТПРАВЛЕНА EMAIL [email protected]
ДЛЯ УСТАНОВКИ ДЛЯ ДЕКРИПТА

In addition to this note, malware researcher Michael Gillespie has also detected the e-mail of the cyber-criminals [email protected] to be associated with another ransom note, reported to be the following:


Text from image:

What happened to your files?
All of your important files have been encrypted with a powerful cryptography algorithm.
Attention: Don’t rename or edit encrypted files because it will be impossible to decrypt your files!

Step l: You must send us $506 worth of Bitocins for each affected PC OR $2069 worth of Bitocins to receive ALL Private Keys for ALL affected PCs.
Step 2: After you send us the coins. Email – nullforwardingfiqualityservice.com with your “Computer name.”
Example: My Computer name is: 001151
Step3: We will reply to your email with a link to the key & decryption software.

You should run it on your affected PC and all encrypted files will be recovered.
Our Bitcoin address: 13wNijcKiBEg8xZwHthcLZtRmrtyTBxDB
What is Bitcoin?

Bitcoin is an innovative payment network and a new kind of money.

You can create a Bitcoin account at https://blockchain.info/ and deposit some money into your account and then send to us.
How to buy Bitcoin?

.fucku Files Virus Encryption Process

For the encryption process, this ransomware virus may undertake different activities, starting with scanning for the most widely used file types on your computer system, which are usually documents, images, videos, music, archives and other file types:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After the .fucku ransomware discovers the files, the virus may use an encryption algorithm to encode the files and leave them unopenable, whilst generating a unique decryption key, which makes it possible for the encrypted files to be unlocked after paying the ransom. The .fucku file extension is also appended to the files.

Remove .fucku Files Virus and Restore Encrypted Data

To remove this ransomware, you should first isolate the malware files and then focus on the removal itself. Whether you do this manually or automatically, we strongly advise you to follow the removal instructions which we have created underneath this article. If you lack experience in manual removal, be advised that security professionals often recommend using advanced anti-malware software to perform the removal automatically by scanning for those files with .fucku ransomware-specific removal software. Using such an anti-malware program will also make sure that your computer is protected against future intrusions.
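
Before removal and restoration, it helps to know how far the encryption reached. The following is an added example, not part of the original article: it walks a directory tree and reports files carrying the .fucku extension, copies of the recover_your_fies.txt note, and the earliest modification time among the encrypted files as a rough start time. The function name and report layout are illustrative assumptions.

```python
import os
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".fucku"               # extension named in the article
NOTE_NAME = "recover_your_fies.txt"    # ransom note name as spelled in the article

def triage(root):
    """Walk root and summarise encrypted files and ransom notes beneath it."""
    per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(full).st_mtime
                except OSError:
                    continue           # unreadable file: counted, but no timestamp
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        first = datetime.fromtimestamp(earliest, timezone.utc).isoformat()
    return {
        "encrypted_total": sum(per_dir.values()),
        "by_directory": dict(per_dir),
        "ransom_notes": sorted(notes),
        "first_encrypted_utc": first,
    }

if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['encrypted_total']} encrypted file(s), "
          f"{len(report['ransom_notes'])} ransom note(s), "
          f"first seen {report['first_encrypted_utc']}")
    for directory, count in sorted(report["by_directory"].items()):
        print(f"  {count:6d}  {directory}")
```

The scan only reads file names and timestamps, so it can be run against a mounted copy of the affected disk without changing the evidence.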
