Remove Fs0ci3ty Ransomware

How to Remove Fs0ci3ty Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Welcome To Fs0ci3ty
realfs0ciety@sigaint.org
You Will need to make a Payment of 1.5 Bitcoins within the next 24 Hours or Ransom goes to 1 Btc more daily Your File System has been encrypted using state of the art Technology
You may already understand how this works, if you do good but if you are confused or are unaware of how this works we are hoping to be more informative with our clients.
Buying bitcoins can be very hard to do, so to make this more trustworthy than most we are going to have a secure cold payment system set up that will allow us to secure bitcoins.
As well as a different wallet address per client, each user is given a unique identifier by the server that is used to track distributed keys as well wallet addresses assigned.
You can head to http://localbitcoins.com/ and create a new account in seconds flat, than go to the wallet and send 1.5 btc to the address you were given in the ransom message
You will use the bitcoin you get through local bitcoins to pay to the unique wallet we gave you the identifier in the bottom left of this page is tied to your key contact us via email realfs0ciety@sigaint.org


Fs0ci3ty is the name of a new infection on the ransomware field. If you follow pop culture, you had to have heard of the show called Mr. Robot. It took the world by storm when it aired, and has become a crowd favorite, so to speak. And, apparently, it has caught the attention of some rather wicked individuals. People, who’ve decided to create a ransomware tool as an homage to the show. Or, rather, to the lead group of hacktivists, starring in the show. Hackers, who’ve named themselves FSociety. But Fs0ci3ty isn’t even the first attempt at such an application. There’s already one, roaming the web and plaguing web users. It’s just spelled a bit differently – FSociety. The one we’re discussing now is a spin-off, a clone of that previous one.

They act in a pretty standard ransomware manner. Both tools follow the same programming. Invade, lock, extort. Fs0ci3ty sneaks into your PC undetected, and then corrupts it. It spreads its reach all over your system, and encrypts everything you have on it. All your files get locked, and used as hostages. Pictures, music, documents, videos, etc. Everything you had on your PC is no longer accessible. It’s under the control of the infection, and if you wish for it to let it go, you have to pay up. The Fs0ci3ty program extorts you for monetary gain. That’s the end-game of all ransomware tools. Profit.

But whatever you do, don’t fool yourself that by complying, you’ll get back your data. You have ZERO guarantees. The infection can trick you in a myriad of different ways. And, do you know what? You cannot win, no matter what you do. You can only try to minimize the cyber menace’s damages. Say goodbye to your files. Don’t follow the demands laid out by these people! People, who created and unleashed such a dreadful application. They’re not trustworthy. And, they will double-cross you. Do you truly think they’ll keep their promises? Don’t be naive. Forsake your files. You’ll lose much more than money if you play Fs0ci3ty’s game. It’s rigged, and the odds are stacked against you.

How did I get infected?

Fs0ci3ty needs your permission to access your system. It cannot get in without it. So, if you’re stuck with it now, you must have given it. And, odds are, you don’t even remember doing it. But that’s hardly surprising. Do you know why? Well, ransomware applications are quite sneaky and deceptive. They trick you into giving your approval. All while keeping you oblivious to it. How do they manage that? Well, it’s rather straightforward. But one thing they rely on, and cannot succeed without, is your carelessness. Infections like Fs0ci3ty prey on it. They need it. Without your naivety, haste, and distraction, who knows if they’ll slither in undetected? If you spot them trying to gain entry, you could deny them access. And, that’s a risk such tools just cannot take. So, they turn to trickery and slyness. They fool you through freeware, corrupted links, and bogus updates. They use these as a shield to lurk behind, and you give them the green light without even realizing it at the time.

Fs0ci3ty’s preferred means of infiltration is via spam email attachments. The attachment passes itself off as a system driver update-related doc file. If you open it, you see that it’s full of nonsensical text. And, the file urges you to enable MS Word macros to decode it, and be able to read it. If you make the mistake of following these instructions, the encryption begins. Your data gets locked one file at a time. Don’t make that mistake. Don’t give in to naivety. Don’t rush. Always be thorough and vigilant. Choose caution over carelessness.

Why is Fs0ci3ty dangerous?

After Fs0ci3ty invades your system, your files become its hostages. The tool uses the AES-256 encryption algorithm to lock them. And, solidifies its hold over them by adding a unique extension at the end of each one. Every picture, video, document, etc. For example, if you have a picture called ‘summer.png,’ when the tool’s done, it’ll be different. After the encryption, that same file turns into ‘summer.png.realfs0ciety@sigaint.org.fs0ciety.’ It’s quite the lengthy extension but it does the trick. Once added, your files are no longer under your control. And, moving them, or changing their names back, does nothing. The only way to release them is with a decryption key. But to get it you have to pay a ransom.

The Fs0ci3ty infection explains everything in the note it leaves for you to find. It comes in both a TXT and an HTML variant – ‘Fs0ci3ty.txt’ and ‘Fs0ci3ty.html.’ Both contain the same information. Pay us 1.5 Bitcoins for the decryption key, which unlocks your data. The note even explains how you can buy Bitcoin in case you don’t know. You’re even given a time frame. If you take more than 24 hours to transfer the ransom, it increases. Every day you delay, you add 1 Bitcoin to the requested sum. Now, considering that’s the equivalent of about 600 US Dollars, it’s pretty scary.

But the pricey ransom demand is meaningless. We mean that in the sense that even if the demand was for a single dime, you still shouldn’t pay! If you do, you only worsen your predicament. How? Well, by doing the transfer to the people behind Fs0ci3ty, you allow them into your private life. You grant them access to your personal and financial details. And, that’s a door, which once opened, cannot be closed. What do you think happens after strangers with agendas get a hold of your privacy? Are you prepared to risk it? Don’t. Do the wise thing. It may be a bit difficult but pick privacy over data. Your files are replaceable. The same does not apply for your private information.
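An added example, not part of the original guide: a read-only PowerShell inventory that uses the appended extension and the two note file names described above to show which folders were hit and what the files were originally called, which helps when choosing a backup to restore from. The scan root and the CSV file name are assumptions.

```powershell
# Added example: read-only inventory of files renamed by Fs0ci3ty. Changes nothing on disk
# except writing one CSV report.
$Root      = $env:USERPROFILE                        # assumption: scan the current user's profile
$suffix    = '.realfs0ciety@sigaint.org.fs0ciety'    # appended extension, as described above
$noteNames = 'Fs0ci3ty.txt', 'Fs0ci3ty.html'         # ransom note names, as described above

# -Force includes hidden files; unreadable folders are skipped rather than aborting the scan
$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue

$encrypted = $files |
    Where-Object { $_.Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) } |
    ForEach-Object {
        [pscustomobject]@{
            Directory    = $_.DirectoryName
            # Strip the appended suffix to recover the name the file had before encryption
            OriginalName = $_.Name.Substring(0, $_.Name.Length - $suffix.Length)
            SizeBytes    = $_.Length
            LastWrite    = $_.LastWriteTime
        }
    }

$notes = $files | Where-Object { $noteNames -contains $_.Name }

"Encrypted files: {0}" -f @($encrypted).Count
"Ransom notes:    {0}" -f @($notes).Count

if ($encrypted) {
    # Oldest write time among the encrypted copies: pick a backup older than this.
    # Assumption: the malware did not alter file timestamps.
    $first = $encrypted | Sort-Object LastWrite | Select-Object -First 1
    "Earliest encrypted file written: {0}" -f $first.LastWrite

    # Folders with the most affected files
    $encrypted | Group-Object Directory | Sort-Object Count -Descending |
        Select-Object -First 20 Count, Name | Format-Table -AutoSize

    # Full list for comparison against a backup (report file name is an assumption)
    $encrypted | Export-Csv -Path (Join-Path $env:TEMP 'fs0ci3ty-inventory.csv') -NoTypeInformation
}
```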

Fs0ci3ty Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Fs0ci3ty Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a randomly generated file.
  • Before you kill the process, type the name in a text document for later reference.

  • Locate any suspicious processes associated with Fs0ci3ty encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Fs0ci3ty encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open your explorer, navigate to your %appdata% folder and delete the executable.

You can alternatively use the Windows msconfig program to double check the execution point of the virus. Please have in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.
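An added example, not part of the original guide: a read-only PowerShell audit of the three Run keys listed in STEP 3, which shows every autostart entry and marks those whose command points into an AppData folder. The path-extraction patterns and the signature check are assumptions added for illustration; the script deletes nothing.

```powershell
# Added example: list autostart entries from the Run keys named in STEP 3. Read-only.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }    # Wow6432Node is absent on x86
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        # Expand %APPDATA%-style variables so the real path is visible
        $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))

        # Pull the executable path out of the command line (quoted, or up to ".exe")
        $exe = $null
        if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }

        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            # STEP 3 says the dropped executable sits under %appdata%
            InAppData = $command -match '\\AppData\\'
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
        }
    }
}

# Entries under AppData first; randomly named, unsigned ones there deserve the closest look
$entries | Sort-Object InAppData -Descending | Format-List
```

Record the Name and Command of any suspicious entry before deleting it, so the executable it points to can be located and removed as described above.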

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
