FONIX Ransomware: New Bad Boy in Town Looking for Partners | Cyware Alerts

Fonix is a new RaaS (Ransomware-as-a-Service) being offered on several underground cybercriminal forums. Recently, the ransomware has been observed actively spreading and targeting users of Windows-based systems.

Modus operandi

The ransomware can spread by general infection vectors such as malvertising campaigns, torrent trackers, fake software updates or downloads, and spam emails. It comes in 64-bit and 32-bit variants to target Windows systems.

  • The ransomware is a low-key threat that uses four encryption algorithms: Salsa20, ChaCha, RSA, and AES.
  • After being executed with administrative privileges, the malicious payload makes multiple changes to the system, such as disabling the Task Manager, creating a hidden service, and a few other operations.
  • The author of this ransomware keeps 25% of any ransom amount from its affiliate network instead of charging a joining fee.
  • The affiliates do not get instant access to decryptor utility or keys; instead, they must provide files from a victim system. 
  • Consequently, RaaS operators decrypt the files and then send them back to the victims.

Recent association

In addition to Fonix, other ransomware programs are actively spreading and targeting various organizations around the world.

  • Recently, Egregor, a newly discovered ransomware family, has been found targeting corporations located in France, Germany, Italy, Japan, Mexico, Saudi Arabia, and the U.S.
  • Last month, Mount Locker ransomware was found to be stealing victims’ files before encrypting them. Furthermore, the ransomware demanded multi-million-dollar ransoms.
  • In July, a new RaaS called Thanos was found being advertised on an underground market.


Ransomware is now one of the most prominent cyber threats, and the situation has worsened after the coronavirus pandemic. Experts suggest taking regular backups of important data, along with patching and updating systems regularly. Finally, refrain from downloading anything from untrustworthy sources.
