FOX is a ransomware-type virus that encrypts all files on targeted Windows computers. It is the latest Matrix ransomware variant, and it renames locked files to the pattern [PabFox@protonmail.com ].[random characters].FOX. Following a successful data lock, the virus drops a ransom note called #FOX_README#.rtf into each affected folder. Finally, the virus changes the affected computer's desktop wallpaper. The primary distribution vector for this crypto-malware is RDP vulnerabilities.
FOX ransomware is a relatively slow virus, as it is designed to close all open files before starting the data encryption process. This gives the victim some time to detect and stop the ransomware process before all files are locked. The ransomware employs two encryption algorithms, AES-128 and RSA-2048, to secure the files, and once it is done, they can be decrypted only with keys held by the cybercriminals. The attackers suggest purchasing these keys, in other words paying a ransom, which can reach up to $3500, depending on the amount of data and the time the victim takes to pay.
The ransom note file, #FOX_README#.rtf, contains instructions on how to recover encrypted files. It states that data was locked due to “bad server security” and suggests buying a “unique decryption key and special software” from the criminals. The note also urges the victim to pay as soon as possible, or the data will be deleted after 7 days and lost forever. To learn how to pay the ransom and get access to the FOX ransomware decryption tool, the victim is asked to write to each of the three provided email addresses and include a personal ID in the subject line.
The note also instructs the victim to attach three encrypted files to the message so that the criminals can decrypt them and prove that they actually have the tools for data recovery. The crooks also say that they can “find common language” with the victim and help to restore all data, plus give recommendations on how to configure the server for better security. If the victim does not receive an answer from the provided email addresses, the note suggests using the given instructions to write to them via Bitmessage.
If you have been infected by this ransomware, we recommend performing FOX ransomware removal using a trustworthy anti-malware tool. Our suggested RESTORO software can help to repair virus damage on Windows OS files.
Name | FOX ransomware virus |
Type | Ransomware; File Locker; Crypto-malware |
Symptoms | Files are renamed, their icons turn blank, they cannot be opened. Each affected file folder contains a ransom note that demands contacting the criminals and paying the ransom, otherwise data will be lost forever. |
File Marker | [PabFox@protonmail.com ].[random characters].FOX |
Ransom note | #FOX_README#.rtf |
Ransom amount | $500-$3500 |
Distribution | Remote Desktop Protocol vulnerabilities |
Decryption | No decryption tools for FOX ransomware are available |
Removal | Remove ransomware using anti-malware tool. We recommend repairing virus damage using RESTORO |
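The two on-disk indicators listed above (the renamed-file marker and the ransom note name) are enough to scope which folders were hit. The following Python script is an added example, not code from the original article; it assumes the "random characters" segment can be any non-empty string, uses constructed file names, and also lists files in affected folders that have not been renamed, which is useful because the encryption is slow.

```python
import os
import re
import tempfile

# Marker as the article gives it: [PabFox@protonmail.com ].[random characters].FOX
# Assumption: "random characters" is any non-empty run of characters.
MARKER_RE = re.compile(r"^\[\s*PabFox@protonmail\.com\s*\]\..+\.FOX$", re.IGNORECASE)
RANSOM_NOTE = "#fox_readme#.rtf"  # compared case-insensitively


def scan_tree(root):
    """Return {folder: {"note", "encrypted", "untouched"}} for affected folders."""
    report = {}
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        note = any(name.lower() == RANSOM_NOTE for name in files)
        encrypted = sorted(n for n in files if MARKER_RE.match(n))
        if not (note or encrypted):
            continue  # neither indicator present in this folder
        untouched = sorted(n for n in files
                           if n.lower() != RANSOM_NOTE and not MARKER_RE.match(n))
        report[folder] = {"note": note, "encrypted": encrypted, "untouched": untouched}
    return report


def build_constructed_sample(root):
    """Create a constructed tree of empty files to exercise scan_tree."""
    layout = {
        "finance": ["#FOX_README#.rtf",
                    "[PabFox@protonmail.com ].Qx7LmA2p-Zt9KdW4e.FOX",
                    "[PabFox@protonmail.com ].b81HsYc0-Rr3TnV6u.FOX"],
        "projects": ["#FOX_README#.rtf",
                     "[PabFox@protonmail.com ].M0pEe5Lg-Jw2QaX8i.FOX",
                     "plan.docx"],          # not renamed yet
        "clean": ["notes.txt", "FOX.txt"],  # no indicators
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


def demo():
    """Scan the constructed tree; map folder name -> (note, n_encrypted, untouched)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return {os.path.basename(folder): (v["note"], len(v["encrypted"]), v["untouched"])
                for folder, v in scan_tree(tmp).items()}
```

Call `scan_tree()` on a mounted share or a copy of the affected volume to run it against real data; `demo()` only exercises the constructed tree.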
FOX ransomware is essentially similar to other ransomware infections such as DHARMA, STOP/DJVU, or XATI. The main difference is that the discussed virus is mainly used in targeted attacks. Viruses that fall into the same category all function the same – they encrypt files and keep them as hostages until the victim pays the ransom. However, we do not recommend paying the ransom as you can never trust cyber criminals. You might never receive decryption tools after paying up, and criminals might try to attack you again for more money.
Screenshot of desktop wallpaper set by FOX virus:
Screenshot of folder containing encrypted data:
Contents of the ransom note left by the virus:
HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED
by our automatic software. It became possible because of bad server security.
ATENTION!!!
Please don’t worry, we can help you to RESTORE your server to original
state and decrypt all your files quickly and safely!
INFORMATION!!!
Files are not broken!!!
Files were encrypted with AES-128+RSA-2048 crypto algorithms.
There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data!
* Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator):
PabFox@protonmail.com
FoxHelp@cock.li
FoxHelp@tutanota.com
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!
In subject line write your personal ID: c0pyc@tfr0mpcr1sk
We recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files.
* Please note that files must not contain any valuable information and their total size must be less than 5Mb.
OUR ADVICE!!!
Please be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.
We will definitely reach an agreement 😉 !!!
ALTERNATIVE COMMUNICATION
#FOX_README#.rtf
If yоu did nоt rеcеivе thе аnswеr frоm thе аfоrеcitеd еmаils fоr mоrе then 24 hours please sеnd us Bitmеssаgеs frоm а wеb brоwsеr thrоugh thе wеbpаgе hxxps://bitmsg.me. Bеlоw is а tutоriаl оn hоw tо sеnd bitmеssаgе viа wеb brоwsеr:
1. Оpеn in yоur brоwsеr thе link hxxps://bitmsg.me/users/sign_up аnd mаkе thе rеgistrаtiоn bу еntеring nаmе еmаil аnd pаsswоrd.
2. Уоu must cоnfirm thе rеgistrаtiоn, rеturn tо уоur еmаil аnd fоllоw thе instructiоns thаt wеrе sеnt tо уоu.
3. Rеturn tо sitе аnd сlick “Lоgin” lаbеl оr usе link hxxps://bitmsg.me/users/sign_in, еntеr уоur еmаil аnd pаsswоrd аnd click thе “Sign in” buttоn.
4. Сlick thе “Сrеаtе Rаndоm аddrеss” buttоn.
5. Сlick thе “Nеw mаssаgе” buttоn.
6. Sеnding mеssаgе:
Tо: Еntеr аddrеss: BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm
Subjесt: Еntеr уоur ID: [string]
Mеssаgе: Dеscribе whаt уоu think nеcеssаrу.
Сlick thе “Sеnd mеssаgе” buttоn.
FOX ransomware, as part of the MATRIX virus family, is mainly distributed in targeted attacks using RDP exploits. In other words, the attackers tend to brute-force vulnerable RDP credentials to compromise connections. To protect your computer network against such attacks, RDP should be used very carefully and with sufficiently complex passwords. In addition, two-factor authentication should be used for maximum security.
Another common ransomware distribution method is malicious email spam. It typically involves sending specially crafted messages to the victim, often with a tone that demands urgent action (such as opening a document, or replying to the email after viewing the attachment or link contents, and so on). We recommend being extremely cautious and double-checking the sender’s trustworthiness before opening any attachments, and never enabling document editing or macros unless it is absolutely necessary.
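Credential brute-forcing over RDP leaves a recognizable trail in the Windows Security log: a burst of failed logons from one source address, sometimes followed by a success. The following Python detector is an added example, not part of the original article; the CSV column names, thresholds and log lines are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events exported to CSV (column names
# are an assumption). 4625 = failed logon, 4624 = successful logon; logon type
# 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA, also other services).
SAMPLE = """\
time,event_id,logon_type,source_ip,user
2024-05-01T02:10:00,4625,3,203.0.113.7,admin
2024-05-01T02:10:10,4625,3,203.0.113.7,administrator
2024-05-01T02:10:20,4625,3,203.0.113.7,backup
2024-05-01T02:10:30,4625,3,203.0.113.7,administrator
2024-05-01T02:10:40,4625,3,203.0.113.7,administrator
2024-05-01T02:11:05,4624,10,203.0.113.7,administrator
2024-05-01T08:59:00,4625,10,198.51.100.20,j.doe
2024-05-01T08:59:30,4625,10,198.51.100.20,j.doe
2024-05-01T09:00:10,4624,10,198.51.100.20,j.doe
"""
RDP_LOGON_TYPES = {"3", "10"}


def detect(rows, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed logons inside the window and
    record the first account that logs on successfully from that IP afterwards."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    findings = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts, ip = datetime.fromisoformat(row["time"]), row["source_ip"]
        if row["event_id"] == "4625":
            failures = recent[ip]
            failures.append(ts)
            while ts - failures[0] > window:
                failures.popleft()  # drop failures that fell out of the window
            if len(failures) >= threshold:
                findings.setdefault(ip, {"burst_at": ts, "success_after": None})
        elif row["event_id"] == "4624" and ip in findings:
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = row["user"]
    return findings


def run_sample():
    return detect(list(csv.DictReader(io.StringIO(SAMPLE))))
```

A finding whose `success_after` is set is the case to escalate first: the guessing stopped because a password worked. The two mistyped logons from the second address stay below the threshold and are not flagged.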
Finally, the crooks insert ransomware executables in illegal online torrent downloads. The most common way is to add these to various software cracks, or, in other words, illegal tools users employ to activate paid software licenses for free. Stay away from such downloads to keep your computer, data and privacy secure.
We recommend that you remove the FOX ransomware virus as soon as possible using the tools recommended below the article. What is more, you may want to use RESTORO to repair virus damage to default Windows OS files. It is a recommended tool that can fix various Windows problems as explained in its review here.
Removing the FOX virus clears the way for the data recovery procedure. Once you finish with the malware elimination, you can use your external storage devices to restore the data that was corrupted. As for a FOX decryption tool, such software currently does not exist.
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
FOX ransomware virus Removal Guidelines
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it:
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
Now, you can search for and remove FOX ransomware virus files. It is very hard to identify the files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).
REMOVE MALWARE & REPAIR VIRUS DAMAGE
1 Step. Get robust antivirus to remove existing threats and enable real-time protection
INTEGO Antivirus for Windows provides robust real-time protection, Web Shield against phishing and deceptive websites, blocks malicious downloads and blocks Zero-Day threats. Use it to remove ransomware and other viruses from your computer professionally.
2 Step. Repair Virus Damage on Windows Operating System Files
Download RESTORO to scan your system for FREE and detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically.
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.