'Fake Ransomware' is Named Appropriately

ransomware

There is a new ransomware out in the wild, but in reality, it does not really conform to the definition of ransomware.

In reality, the Fake ransomware only renamed a file in a way that is confusing and does not do any actual encryption. While most ransomware variants would encrypt files in a managed manner and the ransomware operator would possess a decryption tool that can be used to decrypt the victim's files, some strains of alleged "ransomware" such as Fake simply destroy your data. Fake, on the other hand, just renames your files in a way that makes them unrecognizable.

Fake has been spotted on malicious websites distributed under the name "SexyPhotos.JPG.exe" among others. The malware drops four executables and a single batch file in the system's temp directory. The batch file makes copies of the executables in the Startup folder to ensure persistence.

One of the three executables is launched and starts the actual file-altering process. Encrypted files are renamed with a name prefix and a ".Locked_file" extension and given sequential numbers.

A ransom note is generated and dropped inside a "Readme.txt" file.

When researchers examined a file before and after encryption, they discovered that only the file name was changed and the file's contents remained unchanged.

The Fake ransomware can still cause major issues because files will be unrecognizable after the renaming process.

By Zaib
October 11, 2022
Ransomware
English
October 11, 2022
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

RedEngine Ransomware

A new strain of file-encrypting malware has been spotted by security researchers. The new malware belongs to the Chaos family of ransomware variants and has been named the RedEngine ransomware. RedEngine behaves a lot... Read more

May 26, 2022
Ransomware

Remove D3adCrypt Ransomware

The D3adCrypt Ransomware is a file-encryption Trojan whose propagation is completed with the help of fake downloads, game cracks, software activators, and other shady content. The criminals also often rely on fake... Read more

March 4, 2022
Ransomware

Remove Vlff Ransomware

The Vlff Ransomware is an updated variant of the STOP/Djvu family of ransomware. Unfortunately, it is not decryptable for free. Victims of this attack will need to resort to recovering their files from a backup or... Read more

March 15, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.