Another day, another cyberthreat. Unsurprisingly, the usual suspect is the same, i.e., a ransomware strain. Security experts have found a new piece of malware known as Funny Ransomware. It was discovered by Jakub Kroustek, who also traced its origins to the notorious Dharma Ransomware family.
After stealthily making its way onto a victim's computer, the ransomware creates dangerous entries in the Windows Registry. The encryption process then begins: the user's sensitive files are encrypted and the .FUNNY extension is added to the end of each file name.
The ransomware's own file can be identified by its size, 95 KB. Likewise, its unique extension can be used to confirm its presence.
The ransom note is contained in a file named FILES ENCRYPTED.txt. The note begins by stating that the victim's files are no longer accessible due to encryption. To communicate with the cybercriminals, an email address, WildMouse@cock.li, is provided. For ransomware removal, the ransom is demanded in bitcoins. A cheaper ransom is promised for quicker communication and payment. In exchange for the ransom, decryption software is promised.
To prove the authenticity of the ransom note, the attackers offer to decrypt a single file (not greater than 1MB) sent by the victim as a demonstration. Unfortunately, this file has to be a non-sensitive one, which means it cannot be a backup file, database, or Office document.
Since most of the attacked users do not know their way around Bitcoin, the note also adds a link to the website of “LocalBitcoins”. The cybercriminals recommend that users register, purchase bitcoins and send them to the attackers. The complete instructions for these processes are provided via a separate website.
The note ends with a warning against any attempt at ransomware removal. It also threatens a higher ransom demand for any contact with a business or law enforcement authority.
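
A triage sketch built on the two file-system indicators described above, the .FUNNY extension and the FILES ENCRYPTED.txt note. It is an added example, not code from the original article or from any vendor tool. The function names, the constructed sample tree, and the use of file modification time as an estimate of when encryption began are assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".funny"          # extension named in the article
RANSOM_NOTE = "files encrypted.txt"  # ransom note file name from the article

def triage(root):
    """Walk root and summarise the artefacts the article attributes to this strain."""
    encrypted, notes, earliest = [], [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable file: still listed, no timestamp
                # Assumption: mtime approximates when the file was encrypted.
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        first = datetime.fromtimestamp(earliest, timezone.utc)
    dirs_hit = sorted({str(p.parent) for p in encrypted})
    return {"encrypted": encrypted, "notes": notes,
            "dirs_hit": dirs_hit, "first_encrypted_utc": first}

def build_sample_tree(base):
    """Constructed sample data: two renamed files, one note, one untouched file."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir()
    pics.mkdir()
    (docs / "report.docx.FUNNY").write_bytes(b"x")
    (pics / "cat.jpg.funny").write_bytes(b"x")
    (docs / "FILES ENCRYPTED.txt").write_text("constructed placeholder")
    (docs / "notes.txt").write_text("untouched")
    os.utime(docs / "report.docx.FUNNY", (1_600_000_000, 1_600_000_000))
    os.utime(pics / "cat.jpg.funny", (1_600_000_600, 1_600_000_600))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print("earliest encrypted mtime (UTC):", result["first_encrypted_utc"])
```

The list of affected directories scopes which backups need restoring, and the earliest timestamp gives a starting point for reviewing logs around the time of infection.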