Name

FAKBEN

Type

Crypto-Ransomware.

Encryption Type

Simple AES algorithm.

Short Description

This is a RaaS (ransomware as a service) offering of the crypto-ransomware type. Its site is hosted on a Tor domain, and the site claims that the operators will take 10 percent of the total ransom paid.

Symptoms

The victim's desktop background is changed and some files become unusable.

Distribution Method

Spam mail or USB drives.

More Details

The FAKBEN team offers what it presents as a unique and special professional service: it rents out the cryptolocker ransomware as an executable file that can be customized and then sent to a specific person to demand the ransom.

Once the ransomware has been sent to the victim and the victim double-clicks it, it creates an autorun entry in the registry so that it executes automatically whenever the system is rebooted. The registry entries are created under Winlogon and Run, with shells and MS. It also disables Task Manager by setting the disable task manager registry value to 1.

C&C REG: The ransomware obtains the OS and service pack by querying the product name and CSD version registry values, and it collects the machine's GUID from the MachineGUID registry value. The ransom note, both as text and as an image, is used to lock the user's desktop; the file is named READ ME FOR DECRYPT.txt to all infected registries. It also provides a QR code to make the process simple. Decryptors are available for these.
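A triage check for the registry changes described above, added here as an example (it is not code from the original page). It assumes the standard Windows key paths for Run, Winlogon `Shell` and `DisableTaskMgr`, which the page does not spell out, and it runs on a constructed sample in `reg export` text form.

```python
import re

# Assumed standard Windows locations; the page names only Winlogon, Run and a
# "disable task manager" value of 1. Suffix match covers HKCU and HKLM hives.
RUN = r"\software\microsoft\windows\currentversion\run"
WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
POLICY = r"\software\microsoft\windows\currentversion\policies\system"

# Constructed sample in `reg export` text form (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\sample.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Users\\Public\\sample.exe"
'''

def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} from exported registry text."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def triage(text):
    """Flag the three registry changes described above; returns finding tuples."""
    findings = []
    for key, values in parse_reg_export(text).items():
        k = key.lower()
        for name, data in values.items():
            n, d = name.lower(), data.strip('"').lower()
            if k.endswith(POLICY) and n == "disabletaskmgr" and d == "dword:00000001":
                findings.append(("taskmgr_disabled", key, name, data))
            elif k.endswith(WINLOGON) and n == "shell" and d != "explorer.exe":
                findings.append(("winlogon_shell_changed", key, name, data))
            elif k.endswith(RUN):
                findings.append(("run_entry_review", key, name, data))
    return findings
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `triage()`. Run-key hits are listed for review rather than treated as malicious, since legitimate software also registers there.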