Real-life experiences are often transformed into successful movies, but a piece of ransomware inspired by the Mr. Robot TV series proves that the reverse is also possible.
The new ransowmare family was named FSociety because it uses an image that appeared in the Mr. Robot show as the logo of an infamous hacking group called FSociety. According to Bleeping Computer, the malware’s creator appears to be a fan of the show, but the ransomware itself is in its early stages of development.
For the time being, the ransomware doesn’t display a ransom note and does not provide users with information on how they can contact the author. Despite that, however, the malware does encrypt users’ files. However, researchers discovered that only a test folder on the Windows desktop is targeted at the moment.
Discovered by Michael Gillespie, the FSociety ransomware is based on the EDA2 educational ransomware that already spawned numerous variants earlier this year. Released in the beginning of 2016, the educational ransomware has been already retired by its developer, Utku Sen.
The same as other EDA2 variants out there, the newly spotted ransomware family was designed to encrypt users’ files using AES encryption. Next, the malware would upload the RSA encrypted decryption key to a command and control (C&C) server.
The new threat is likely to receive improvements shortly, but it remains to be seen what these will be and whether they will improve the code enough to prevent security researchers from cracking it.
Previously, researchers were able to neutralize EDA2-based ransomware fast, because of a backdoor that Utku Sen included in the code. In fact, flaws that were packed in the Hidden Tear’s code allowed security researchers to crack the encryption of this ransomware’s offsprings as well.