Fluffy-TAR ransomware – a wolf in sheep‘s clothing
Despite its cute veneer, Fluffy-TAR virus (alternatively called Lock75 ransomware) virus reveals its true spiky nature at the very moment when it settles on a PC. It is not surprising since this malware operates as a full-fledged crypto-malware[1]. In spite of its cute logo, the infection should not be underestimated as it is capable of encrypting files with standard but nonetheless complex AES-256 encryption technique. The developers of this malware target wide public as it provides the ransom note in English and French. Consequently, the target regions are suspected to be the European Union countries and Canada. Interestingly, that the malware is quite modest: it only demands 0,039 bitcoins which currently have the value of 44,75 USD dollars. Such small amount may encourage users to make the transaction even if you get infected with this menace. Nonetheless, this peculiarity also suggests that the gearheads may be disinterested in keeping their words and return the files after receiving the payment[2]. Therefore, if this ransomware has seized your data, instead of considering the payment, initiate Fluffy TAR removal.
Taking a better look at the malware, it seems to be a mix of several ransomware infections. It employs common encoding tools, the countdown clock, and payment procedure works similarly to other crypto-malware. Besides the distinguishing logo, the malware also leaves a peculiar mark on affected documents – it appends .lock75 file extension to all encrypted files. Fluffy-TAR malware frightens users with the digital clock counting the time until final data removal. Such alerts are not surprising as they common for the majority of threats. Regarding the speculations that Lock75 malware is still under development, it already targets a wide range of files and is capable of decrypting a large number of different file formats[3] simultaneously. Interestingly, that the tracks lead to the IP address locate at Romania and Sweden. Such diversion perfectly performs its misleading role.

The peculiarities of Lock75 malware distribution
It disguises in the veil of a trojan. Luckily, it is already identifiable by a series of anti-virus utilities. It is identified as MSIL/Filecoder_Fluffy.A!tr, MSIL.Trojan-Ransom.Fluffy.A, W32.Trojan.Gen, etc[4]. The malware operates via Fluffy-TAR.exe. Note that it might be disguised in a .zip folder. Such attachments are named as highly important files such as tax refund notifications, financial reports, etc. When receiving a personal spam email, treat such message with utmost caution. A careless click may lead to Fluffy TAR hijack or accelerate the invasion of another delicate malware. Do not rush opening spam attachments. In addition, increase the overall security of the device with FortectIntego or MalwarebytesMalwarebytes. Either of these utilities will help you remove Fluffy-TAR ransomware.
Getting rid of the malware
Despite what kind of ransomware you encounter, dealing with it manually might be not only a nerve-wracking but futile activity as well. That is why it would be better to entrust Fluffy-TAR removal to a security application[5]. In the ransom message, the hackers of this malware warn you to shut down the anti-virus tool in order not to interrupt data decryption process. However, this might be just a usual lie. In fact, you should run the security tools and remove Fluffy TAR virus right away. Some less elaborate threats need the uninterrupted period of time to finish encrypting data. Likewise, if you suspect any signs, extremely slow system process, odd User Account Control messages, restart the device. You may also locate some strange task in the Task Manager. In case, this malware prevents the security applications from starting the scan, make use of the below shown instructions.
Was this guide helpful?
3 comments