The CryptFuck virus has just been released and spotted by malware researchers. It is based on the open-source code of the Hidden Tear and EDA2 ransomware and, once activated, warns victims to pay the ransom fee within 72 hours or else their decryption key will be permanently deleted. Users may be tempted to pay in order to save their files, but they must be aware that paying the cyber criminals does not guarantee them anything. The virus will remain on the computer and may strike again, and/or they may still not receive their files back.
We recommend removing CryptFuck ransomware first and then trying to recover some of the encrypted files. Follow the instructions below to see how to get rid of it manually or via an anti-malware tool.
|Short Description||The ransomware encrypts files using the AES algorithm. Users are told they have 72 hours to pay the ransom or else they will permanently lose any chance of recovering their data.|
|Symptoms||The ransomware will lock all files, append the .urfucked extension to them, and display a ransom note with instructions on your desktop.|
|Distribution Method||Spam Emails, Email Attachments, Executable Files|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
CryptFuck Ransomware Virus Delivery Methods
CryptFuck ransomware is spread via spam emails whose message appears important and useful at first but is in reality fake, tricking the user into clicking a compromised URL or downloading a malicious attachment from that email. Upon opening, the payload of the ransomware is released and the infection begins.
Keep in mind that other delivery methods are also possible. A file containing a malicious script and disguised as an important and useful program may be present on social media and file-sharing services and trick users into opening it as well.
CryptFuck Ransomware Virus Technical Details
As mentioned above, CryptFuck has been created from the open-source EDA2 ransomware. The EDA2 source code is available on the Web and it is free, so anyone with a certain technical background can build his own ransomware and spread it across the globe, demanding payments from victims in exchange for their files.
With that in mind, CryptFuck is quite similar to the Fantom virus, which is also based on the same open-source ransomware and also uses the strong AES encryption method.
Once inside the victim’s system, CryptFuck will scan the system to detect files for encryption. Ransomware viruses usually encrypt file types that are most popular among users, such as: Microsoft Office files, mp3’s, videos, pictures, etc.
Files encrypted by CryptFuck receive the vulgar extension “.URfucked”.
After that, the README_CRYPTFUCK.txt file is dropped with instructions reading like this:
“You have Been Attacked by the CryptFuck RansomWare v Misc.FormattedVersion () Your the UUID is frmMain. uuid Your UKey is frmMain.ukey the If you Lose your identifier is, the any chance of getting back your the data is flushed in the toilet !! the Keep in yet Mind That you have 72 hours to perform the payment, after that , your encrypted password would be deleted permanently !! the If your browser does not the open the any of web page, visit the this page to learn how of the get back to your files is: frmMain.primeDomain ByeMr.r0b0t”
The ransom note states that the victim has only 72 hours to make the payment or else, any chances of recovering his data will be permanently lost.
This version of CryptFuck looks like a test version and comments in Italian are found within its code.
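As an added example (not part of the original article or of any vendor tool), the read-only Python script below inventories the two on-disk symptoms described above: the appended .URfucked extension, matched case-insensitively, and the README_CRYPTFUCK.txt note. The function names and the report layout are assumptions made for this example; the modification-time window it prints is only an approximation of when encryption ran, useful for choosing a backup taken before it.

```python
import os
import sys
from datetime import datetime, timezone

ENCRYPTED_EXT = ".urfucked"           # extension from this page, matched case-insensitively
RANSOM_NOTE = "readme_cryptfuck.txt"  # ransom note name from this page, lowercased


def original_name(name):
    """Return the pre-encryption file name, or None if name lacks the appended extension."""
    if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
        return name[: -len(ENCRYPTED_EXT)]
    return None


def scan_for_cryptfuck(root):
    """Walk root and collect encrypted files, ransom notes and the modification-time window."""
    report = {"encrypted": [], "notes": [], "by_dir": {}, "first_seen": None, "last_seen": None}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                report["notes"].append(path)
            elif original_name(name) is not None:
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed while scanning
                report["encrypted"].append(path)
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
                first, last = report["first_seen"], report["last_seen"]
                report["first_seen"] = mtime if first is None else min(first, mtime)
                report["last_seen"] = mtime if last is None else max(last, mtime)
    return report


if __name__ == "__main__":
    result = scan_for_cryptfuck(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(result['encrypted'])} encrypted file(s), {len(result['notes'])} ransom note(s)")
    for directory, count in sorted(result["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {directory}")
    if result["first_seen"] is not None:
        stamps = [datetime.fromtimestamp(t, timezone.utc).isoformat()
                  for t in (result["first_seen"], result["last_seen"])]
        print("modification times (UTC):", stamps[0], "to", stamps[1])
```

Run it with the folder or drive to check as the only argument; it never modifies or deletes anything.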
Remove CryptFuck and Restore .Urfucked Files
We have provided manual instructions on how to get rid of CryptFuck by yourself. However, if you feel like you do not have the necessary technical competence to do it yourself, you must use a trustworthy anti-malware program that will detect the virus and remove it safely and completely.
To see ways that could possibly help you recover your data, see the step titled 3. Restore files encrypted by CryptFuck.