Modus operandi of Funfact ransomware virus
A brand new ransomware, called Funfact virus, is making rounds on the Internet and was recently detected by malware analysts on VirusTotal. This virus uses standard encryption algorithms[1] to convert victim’s files into hostages stored on victim’s computer. Encrypted files are strongly secured and can no longer be accessed – as long as the victim doesn’t have the unique decryption key[2]. Such situation can be solved in several ways – the victim can follow instructions left in note.ini ransom note and obey offenders’ commandments by paying the ransom they demand (which is a highly not recommended option), or use data backup[3] to restore lost files. If the victim doesn’t have a backup, one can try traditional data recovery tools and methods, however, in most cases, they fail to work because encryption ciphers are known to be very strong, and they can hardly be cracked using third-party tools. Therefore, data can be lost forever.

Speaking of Funfact ransomware, we have to point out that it drops clsign.dll, rar.exe, trc.dll, and wallet.jpg files on the system. The last one, called wallet.jpg, is a QR code[4], which victims can scan to find out what is the right Bitcoin address that they are asked to send the ransom payment to. In the ransom note, criminals also state that victim must prove that the ransom was paid by sending a copy of the transaction to funfacts11@tutanota.com or worldfunfact@sigaint.org email address. According to the criminals, then the victim will be provided with the Funfact ransomware decryption key and software that is meant to restore files to their initial condition. However, keep in mind that it is also possible to lose your money along with your files, so ask yourself whether your files are worth the risk of losing a significant amount of money. In case you decide not to pay up, you will need to remove Funfact ransomware somehow. We highly recommend you not to do it manually. For Funfact removal, employ software like FortectIntego or SpyHunterCombo Cleaner.
When did I get infected with this malicious software?
Although official Funfact distribution channels are unknown, it is believed that this ransomware Trojan spreads via mail spam and possibly via malicious software bundles. The first option is accessible to every amateur ransomware developer as it doesn’t demand any high-level programming skills, except a bit of creativity. Scammers simply need to compose convincing letters and rename the malicious executive into something that has double file extensions, for example, Document/Scan/Review/Test_Results.doc.exe. Criminals hide the real file extension, which is .exe, to convince the victim to open the file while thinking that it is a document and not an executive file. Consequently, the ransomware gets activated and encrypts all target files then. Alternatively, they might insert a malicious script into a Word file[5] and ask the victim to activate Macros to “view contents” of the document. Macros function simply activates the script, which downloads malware from a certain server. You might also get this ransomware while installing a pirated software or dubious freeware downloads.
How can I delete Funfact files from the system?
You might not be able to recover files encrypted by this ransomware, but you will need to remove Funfact virus in order to try. Therefore, we suggest you start a system scan using a reputable malware remover, anti-malware or anti-spyware tool. If you do not have one, you can install a program that we recommend – you can find some suggestions below. Most importantly, you must begin Funfact removal process correctly, so please follow instructions provided below. If you do not have a data backup, carefully read data recovery suggestions stated down below.
Was this guide helpful?
4 comments