The name of the ransomware comes after the
“When analyzed by reverse engineer Vitali Kremez, the researcher told
The expert also noticed that the FuxSocy ransomware also scrambles the file name and extensions used by encrypted files in a way similar as the Cerber threat.
Once the ransomware has encrypted the files on the infected system, it will change the desktop by setting up an almost identical background as the
Unlike Cerber, FuxSocy attempts to block its execution on a virtual machine by looking for a list of processes, files, and named pipes associated with a virtualized environment.
Experts also noticed that the FuxSocy Encryptor only encrypts a portion of the files.
“According to Michael Gillespie, the ransomware will start encrypting files at 0x708 bytes, which for the most part will make documents unusable.” continues BleepingComputer.
The payment processes for the two ransomware are quite different,
The experts explained that at the time of writing there is no way to decrypt the data for free.