FUCKaNDrUN Ransomware

What is FUCKaNDrUN Ransomware?

FUCKaNDrUN Ransomware is an obnoxious name for an obnoxious infection, and so it completely makes sense. If this dangerous threat finds a security backdoor via which it can enter a vulnerable operating system, it immediately slithers in, and, unfortunately, it does that silently. Therefore, you might not suspect a thing while your files are being encrypted. The process of encryption is very simple: a unique algorithm is used to cipher the data within each file. Normally, encryption is what people use to lock and protect their own files. Unfortunately, cybercriminals are using this method to hijack personal files and then hold them hostage. If you have already seen the message created by the infection, you know that the attackers want money. Paying the ransom is risky, and even if you do it, you will still need to remove FUCKaNDrUN Ransomware from your operating system. Unfortunately, even if you succeed at deleting this malware, your files are unlikely to be restored.

How does FUCKaNDrUN Ransomware work?

Anti-Spyware-101.com researchers are familiar with FUCKaNDrUN Ransomware not because we’ve seen it before, but because it is a clone of JesusCrypt Ransomware, TrumpHead Ransomware, SnowPicnic Ransomware, ShutUpAndDance Ransomware, and many other infections that were built using the Hidden Tear source code. This source code is publicly available, and that means that pretty much anyone can employ it to build their own version of the infection. That being said, although these infections are pretty much identical structurally, they do have differences. For one, when FUCKaNDrUN Ransomware encrypts files, it adds the “.FUCKaNDrUN” extension to their names. It was found that the threat encrypts files with these extensions: ".exe", ".txt", ".jar", ".dat", ".contact", ".settings", ".doc", ".docx", ".xlsx", ".xls", ".ppt", ".pptx", ".odt", ".sln", ".php", ".aspx", ".asp", ".html", ".htm", ".xml", ".psd", ".pdf", ".dll", ".c", ".cs", ".mp3", ".mp4", ".f3d", ".dwg", ".cpp", ".zip", ".rar", ".mov", ".rtf", ".bmp", ".mkv", ".avi", ".apk", ".lnk", ".iso", ".7-zip", ".ace", ".arj", ".jpg", ".png", ".csv", ".py", ".sql", ".mdb", ".bz2", ".cab", ".gzip", ".lzh", ".tar", ".uue", ".xz", ".z", ".001", ".mpeg", ".mpg", ".mp3", ".core", ".crproj", ".pdb", ".ico", ".pas", ".db", and ".torrent". Also, it encrypts files in these folders within the %USERPROFILE% directory: Contacts, Desktop, Downloads, Favorites, Links, Music, OneDrive, Pictures, Saved Games, Searches, and Videos.

Once files are fully encrypted, FUCKaNDrUN Ransomware downloads a .PNG file with a random name from imgur.com, and this image file is set as the Desktop wallpaper. Additionally, the threat creates a file named “READ_IT.txt” on the Desktop. Both the image and the text file point you in the same direction. The attackers want you to contact them via help-me-now@mail.bg and also pay a ransom of $300 (in Bitcoin) by transferring it to their wallet (1F7v6rsjCVVqHXGUGLExC3jvdvPLdwwpNz). When we checked this wallet, two transactions had been made, and the grand total was 0.0725 BTC (~$500). What would happen if you just deleted FUCKaNDrUN Ransomware files and decided not to pay the ransom requested by the attackers? Most likely, you would find yourself in the same position that you would be in if you paid the ransom and kept the files around. Note that the ransomware was created by cybercriminals to make money, and so you should not assume that you would be provided with a decryptor just because you did what you were told to do.

How to remove FUCKaNDrUN Ransomware

It is important to delete FUCKaNDrUN Ransomware from the operating system, and even if you decide to contact the attackers and pay the ransom, in the hopes of obtaining a decryptor, you will need to perform removal. Unfortunately, by paying the ransom, you are unlikely to get your files restored. You can try looking for free Hidden Tear decryptors, but whether or not they will work for you, we cannot guarantee. Hopefully, you can replace the corrupted files using your personal backups. When it comes to backups, it is wise to store them outside the operating system to ensure that they cannot be harmed by malware. As for the removal, while some victims will have no trouble deleting FUCKaNDrUN Ransomware manually, we encourage all to install anti-malware software. It will automatically erase the threat and, at the same time, your system’s protection will be taken care of as well.
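
Added example (not part of the original article): a Python script that inventories the damage before you restore from backups, using only the indicators named above (the “.FUCKaNDrUN” extension, the READ_IT.txt note on the Desktop, and the targeted %USERPROFILE% folders). The function names and the constructed sample tree are assumptions made for illustration; the script only reads and lists files.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
ENCRYPTED_EXT = ".fuckandrun"   # extension added to file names; compared case-insensitively
RANSOM_NOTE = "READ_IT.txt"     # text file created on the Desktop
TARGET_FOLDERS = ["Contacts", "Desktop", "Downloads", "Favorites", "Links", "Music",
                  "OneDrive", "Pictures", "Saved Games", "Searches", "Videos"]

def inventory(profile_root):
    """Return (note_present, {folder: [(encrypted_path, original_name), ...]})."""
    root = Path(profile_root)
    note_present = (root / "Desktop" / RANSOM_NOTE).is_file()
    hits = {}
    for folder in TARGET_FOLDERS:
        base = root / folder
        if not base.is_dir():
            continue
        # os.walk does not follow directory links by default, so the scan
        # stays inside the profile folders listed above.
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                if name.lower().endswith(ENCRYPTED_EXT):
                    # Assumption: the extension is appended to the full original
                    # name, so stripping it gives the name to look for in backups.
                    original = name[:-len(ENCRYPTED_EXT)]
                    hits.setdefault(folder, []).append((Path(dirpath) / name, original))
    return note_present, hits

def build_sample_profile(root):
    """Constructed sample tree for demonstration; not real ransomware output."""
    root = Path(root)
    for rel in ["Desktop/READ_IT.txt", "Desktop/budget.xlsx.FUCKaNDrUN",
                "Pictures/2019/trip.jpg.fuckandrun", "Music/song.mp3"]:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
    return root

if __name__ == "__main__":
    # Scan the real profile on Windows, otherwise fall back to the sample tree.
    profile = os.environ.get("USERPROFILE") or build_sample_profile(tempfile.mkdtemp())
    note, hits = inventory(profile)
    print("ransom note present:", note)
    for folder, items in hits.items():
        print(f"{folder}: {len(items)} encrypted file(s)")
        for path, original in items:
            print(f"  {path} -> restore '{original}' from backup")
```
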

Removal Guide

  1. Change the wallpaper to get rid of the one used by cybercriminals.
  2. Go to the Desktop and Delete the file named READ_IT.txt.
  3. If you can find the malicious .exe file that launched the threat, Delete it.
  4. Empty Recycle Bin and then quickly install a trusted malware scanner.
  5. Run a complete system scan to check if there is anything else you need to remove.
