Mr. Robot-Inspired FSociety Ransomware Emerges

Wednesday, August 24, 2016

Ionut Arghire

Fa42af438e58b799189dd26386f5870f

Real-life experiences are often transformed into successful movies, but a piece of ransomware inspired by the Mr. Robot TV series proves that the reverse is also possible. 

The new ransowmare family was named FSociety because it uses an image that appeared in the Mr. Robot show as the logo of an infamous hacking group called FSociety. According to Bleeping Computer, the malware’s creator appears to be a fan of the show, but the ransomware itself is in its early stages of development.

For the time being, the ransomware doesn’t display a ransom note and does not provide users with information on how they can contact the author. Despite that, however, the malware does encrypt users’ files. However, researchers discovered that only a test folder on the Windows desktop is targeted at the moment.

Discovered by Michael Gillespie, the FSociety ransomware is based on the EDA2 educational ransomware that already spawned numerous variants earlier this year. Released in the beginning of 2016, the educational ransomware has been already retired by its developer, Utku Sen.

The same as other EDA2 variants out there, the newly spotted ransomware family was designed to encrypt users’ files using AES encryption. Next, the malware would upload the RSA encrypted decryption key to a command and control (C&C) server.

The new threat is likely to receive improvements shortly, but it remains to be seen what these will be and whether they will improve the code enough to prevent security researchers from cracking it.

Previously, researchers were able to neutralize EDA2-based ransomware fast, because of a backdoor that Utku Sen included in the code. In fact, flaws that were packed in the Hidden Tear’s code allowed security researchers to crack the encryption of this ransomware’s offsprings as well.

Related: Variants Spawn From Hidden Tear Ransomware

Related: Radamant C&C Server Manipulated to Spew Decryption Keys

9803
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.