FuxSocy Ransomware encrypted files

What is FuxSocy Encryptor and how did I get it?

The FuxSocy ransomware is malicious software that encrypts the files on an infected system, rendering them inaccessible, and demands a ransom payment in exchange for the decryption key. This malware can reach your computer through several common vectors:

  1. Email Phishing: You might have received an email that appeared legitimate but contained malicious attachments or links. Opening the attachment or clicking on the link can execute the ransomware on your system.
  2. Exploitation of Software Vulnerabilities: If your software or operating system is outdated, it may contain security vulnerabilities that can be exploited by attackers to deliver ransomware.
  3. Malvertising: Malicious advertisements on websites can exploit vulnerabilities in your web browser to install ransomware without your knowledge.
  4. Compromised Websites: Visiting compromised websites or downloading software from untrusted sources can lead to ransomware infections.
  5. Remote Desktop Protocol (RDP) Attacks: If RDP is enabled and exposed to the internet with weak credentials, attackers can brute-force their way in or exploit vulnerabilities to install ransomware.
  6. Social Engineering Attacks: This involves tricking the user into bypassing security mechanisms to install the ransomware, often through convincing messages that urge immediate action.
  7. File-Sharing Networks: Downloading files from peer-to-peer networks or other file-sharing services can also be risky, as these files can be disguised as legitimate software or media.
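The RDP item above describes the pattern an attacker leaves in the Windows Security log: a burst of failed logons (event 4625, logon type 10 for RDP) from one source address, then a success (event 4624). The script below is an added example, not code from the original post, that detects that pattern over a constructed set of simplified events; the field names, timestamps, IPs and usernames are all invented for illustration, and a real deployment would feed it events exported from `Get-WinEvent` or a SIEM instead.

```python
"""Flag RDP brute-force bursts and note whether a logon succeeded afterwards.

Added example; the events are constructed, not a real capture.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625      # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624     # Windows Security: an account was successfully logged on
RDP_LOGON_TYPE = 10      # RemoteInteractive (RDP)


def build_sample_events():
    """Constructed events (assumption: a simplified dict per log record)."""
    base = datetime(2024, 3, 1, 2, 0, 0)
    events = []
    # Attacker: 25 failures in under five minutes across a small user wordlist, then a hit.
    users = ["administrator", "admin", "backup", "scan", "sql"]
    for i in range(25):
        events.append({"time": base + timedelta(seconds=12 * i), "id": FAILED_LOGON,
                       "user": users[i % len(users)], "ip": "203.0.113.7",
                       "logon_type": RDP_LOGON_TYPE})
    events.append({"time": base + timedelta(minutes=6), "id": SUCCESS_LOGON,
                   "user": "backup", "ip": "203.0.113.7", "logon_type": RDP_LOGON_TYPE})
    # Legitimate admin: two typos from the office LAN, then success. Must not alert.
    for i in range(2):
        events.append({"time": base + timedelta(hours=7, seconds=30 * i), "id": FAILED_LOGON,
                       "user": "jsmith", "ip": "192.168.1.20", "logon_type": RDP_LOGON_TYPE})
    events.append({"time": base + timedelta(hours=7, minutes=2), "id": SUCCESS_LOGON,
                   "user": "jsmith", "ip": "192.168.1.20", "logon_type": RDP_LOGON_TYPE})
    return events


def find_rdp_bruteforce(events, window=timedelta(minutes=10), threshold=10):
    """Return one alert per source IP whose densest run of RDP failures inside
    `window` reaches `threshold`, recording any RDP success that followed it."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if e["logon_type"] == RDP_LOGON_TYPE:
            by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["id"] == FAILED_LOGON]
        best = (0, 0, 0)  # (count, start index, end index) of the densest window
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        count, s, e_idx = best
        if count < threshold:
            continue
        burst_end = fails[e_idx]["time"]
        success = next((e for e in evs if e["id"] == SUCCESS_LOGON
                        and e["time"] > burst_end), None)
        alerts.append({
            "ip": ip,
            "failures": count,
            "users": sorted({e["user"] for e in fails[s:e_idx + 1]}),
            "compromised_user": success["user"] if success else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(build_sample_events()):
        print(alert)
```

The threshold and window are deliberately loose; the point of the `compromised_user` field is that a burst followed by a success is the case to treat as an incident rather than as noise, and the account named there is the one to disable first.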

To prevent such infections, it's crucial to keep software updated, use a reputable antivirus solution, be cautious with email attachments and links, and avoid downloading software from untrusted sources. Additionally, ensure that you have a robust backup system in place, with at least one copy kept off-site or disconnected from the network: a backup drive that stays plugged into the server can be encrypted along with it, which is exactly what happened to one of the clients described below.

How can SysFix assist you?

We've assisted two unfortunate businesses to date that have fallen victim to this ransomware. There's no magic switch that can undo the damage, but we do have a solid plan for remediation. If you don't have a backup of your data, however, there is no freely available decryption tool for FuxSocy. You either pay the ransom, lose the data, or explore your options with a support call.

Should I pay the ransom?

We typically advise against it. The reason ransomware continues to exist is because it is profitable. Until there is a collective refusal to finance these illegal operations, they will persist.

Nevertheless, we understand that not everyone maintains a readily accessible backup. In most cases, the cost of addressing a security breach exceeds what you would have spent on an off-site backup solution. A lesson learnt for most!

It goes without saying that both clients we've helped with these issues have since enrolled in our monthly IT support plan, which includes our managed data backup service.

Notes relating to the two clients we've successfully assisted

One of the two clients paid the ransom. The client in question had no off-site backup of their data. They did have a USB drive plugged into their server, but because it was connected at the time it was encrypted along with everything else.

They had to download a chat app and speak directly with the attackers, which was a risk in itself. They were asked to pay in Bitcoin, which is difficult to trace back to an individual. Due to the nature of their business and the value of their ongoing projects, they paid a £55,000 ransom. They would have lost far more by having to redo all the work on projects valued in the millions.

There was no guarantee they would receive a decryption key; they did, and it worked to some degree. Around 90% of the files were recovered, but some were completely destroyed. Worse, because the malware was still running on the server, files started to be encrypted again as soon as they had been decrypted. The removal tool the attackers provided didn't work, so it was a rush to copy the decrypted files off the server as soon as each batch was done.

The server for both clients had to be completely reinstalled. As one of the clients' servers was old and out of warranty, they decided to replace it, start afresh and move onto one of our managed IT plans.

Both clients had to shut down their server infrastructure and perform all decryption offline to prevent the malware from running in the background. This was achieved by copying the encrypted files off the server and decrypting them on a separate system that was not connected to the network.
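Two checks are worth having to hand during a recovery like the one described above: confirming that a decrypted copy actually came back as readable data, and catching the case where files on the server start being encrypted again while the malware is still running. Encrypted output is close to uniformly random, so its Shannon entropy sits near 8 bits per byte, while documents and text sit well below that. The script below is an added example, not code from the original post or from any decryption tool; it works on constructed in-memory files rather than a real disk, and the entropy threshold and the list of already-compressed extensions are assumptions that a practitioner should tune for their own data.

```python
"""Entropy-based sanity checks for a ransomware recovery (added example).

The sample files are constructed in memory; nothing here touches a real disk.
"""
import hashlib
import math
import os

HIGH_ENTROPY = 7.5  # bits per byte (assumed threshold); ciphertext sits near 8.0

# Formats that are high-entropy by design (assumed list); a high reading on these
# is only meaningful when the content hash has also changed.
COMPRESSED_EXT = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4",
                  ".pdf", ".docx", ".xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(name: str, data: bytes) -> bool:
    """True if the content is near-random and the format is not compressed anyway."""
    ext = os.path.splitext(name)[1].lower()
    return shannon_entropy(data) >= HIGH_ENTROPY and ext not in COMPRESSED_EXT


def snapshot(files: dict) -> dict:
    """Map name -> (sha256 hex, entropy) for a dict of name -> bytes."""
    return {name: (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
            for name, data in files.items()}


def files_reencrypted(before: dict, after: dict) -> list:
    """Names whose content changed between snapshots and now reads as ciphertext.
    Any hit means the encryptor is still active and the host is not clean."""
    hits = []
    for name, (h_after, ent_after) in after.items():
        h_before, ent_before = before.get(name, (None, 0.0))
        if (h_before is not None and h_after != h_before
                and ent_after >= HIGH_ENTROPY and ent_after > ent_before + 1.0):
            hits.append(name)
    return sorted(hits)


def pseudo_ciphertext(size: int) -> bytes:
    """Deterministic near-random bytes standing in for encrypted output (constructed)."""
    out = b"".join(hashlib.sha256(bytes([i % 256])).digest() for i in range(size // 32 + 1))
    return out[:size]


def build_sample_files() -> dict:
    """Constructed 'decrypted' files as they would look right after decryption."""
    report = (b"Quarterly report: revenue up 4%, project Alpha on schedule, "
              b"invoice batch 17 approved.\n") * 40
    return {"report.txt": report, "notes.txt": report[::-1], "site-photo.jpg": pseudo_ciphertext(4096)}


def demo() -> list:
    """Simulate the malware re-encrypting one file after decryption and detect it."""
    decrypted = build_sample_files()
    before = snapshot(decrypted)
    later = dict(decrypted)
    later["notes.txt"] = pseudo_ciphertext(len(decrypted["notes.txt"]))  # re-encrypted
    return files_reencrypted(before, snapshot(later))


if __name__ == "__main__":
    for name, data in build_sample_files().items():
        print(f"{name}: entropy={shannon_entropy(data):.2f} encrypted={looks_encrypted(name, data)}")
    print("re-encrypted since last snapshot:", demo())
```

Run the snapshot on the isolated decryption machine immediately after each batch, and again after copying the files to their destination; an empty list from `files_reencrypted` is the condition for trusting that batch. The compressed-format caveat matters: a JPEG or a ZIP will score near 8 bits per byte whether or not it has been touched, so on its own entropy cannot say whether such a file was recovered, which is why the hash comparison is paired with it.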

In total, decrypting their files took over a week.
