PoisonFang – a ransomware project created for educational purposes but may be abused by cybercriminals

PoisonFang ransomware[1] is a virus that was created for educational purposes by researchers Omer Cohen and Tal Porat from Israel Insititute of Technology. Unfortunately, cybercriminals around the world manage to steal the program and abuse it for malicious purposes, encrypting files of innocent computer users. The malware-dropper is called PoisonfangDropper.exe and is typically delivered via spam emails or is injected as a drive-by download on malicious sites. It is unknown what encryption algorithm, what file extension the virus uses, or size of ransom is used as it should be defined by bad actors why use the program for malicious purposes.
| Name | PoisonFang |
|---|---|
| Type | Ransomware |
| Country | Israel |
| Initial purpose | For educational purposes only |
| Developers | Omer Cohen and Tal Porat |
| Danger | Can be spread and work as a dangerous ransomware |
| Contact email | omer.cohen@cs.technion.ac.il; talporat@campus.technion.ac.il; sassafro@technion.acc.il |
| Distribution | Spam email attachments, malicious websites, etc. |
| Elimination | If you need protection use FortectIntego |
Although the PoisonFang program was developed as ransomware for educational purposes only, cybercriminals can quickly utilize its code and send it out as malware with all the malicious features. The purpose of such activity is obviously money extortion from the victims, whose files become inaccessible.
Malware can strike unexpectedly and alter Windows-based systems' settings to gain boot persistence and potentially avoid detection. Then, PoisonFang virus scans the device for files to encrypt. All databases, video, audio, image, and other data get encoded. The initial program window includes “Payment” and “Decrypt Files” sections, which could be filled in by hackers and ask victims for a ransom payment for the decryption key.
The program displays contact emails of developers and project supervisor: omer.cohen@cs.technion.ac.il; talporat@campus.technion.ac.il; sassafro@technion.acc.il. However, there is is very little information about the project itself:
THIS SOFTWARE the IS the FOR ACADEMIC RESEARCH Purposes to ONLY ONLY!
PoisonFang was developed as part of a ransomware project at the Technion Israel Institute of Technology
In case you encountered the activity of a virus on your PC, immediately proceed with PoisonFang ransomware removal. Even though it is not your typical ransomware, you must not think of it any different, as it can lead to permanent data loss after file encryption.[2]
To remove PoisonFang ransomware, you should use an anti-malware tool. FortectIntego or other similar programs can be used for that. Do not try to eliminate the malware manually as it will most likely result in a failure.

Malicious programs come via spam emails
Researchers[3] warn that any executable files can be associated with ransomware, and are often cleverly disguised. Those files can look safe and legit, as the payload can be carried inside MS office documents, PDF or other typical file formats. The biggest red flag should raise if the attachment asks to enable Macro function. Do not agree to do that!
Malware authors often use botnets to distribute ransomware. These spam machines are capable of sending thousands of phishing emails in a short time and potentially infect many less-computer savvy or less-aware users. The reason for that being is that quite often these messages use names of influential companies, their logos, styling, etc.
Therefore, please beware of spam emails, as any of them can be malicious, no matter how genuine they look. Merely delete emails from questionable sources. If absolutely necessary, make sure you scan the attachment before opening it, although it does not guarantee virus detection either.
Remove PoisonFang ransomware from your computer before it's too late
If you got infected and wanted to remove PoisonFang ransomware, you should use anti-malware software, such as FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. We recommend these tools because they are designed to deal even with the most robust malware. Remember that malware can prevent security software from working properly. In such case, enter Safe Mode with Networking as explained below.
PoisonFang ransomware removal should be executed before trying to restore files from an external drive or cloud-based service. Otherwise, your data will be encrypted again. If you do not have any backups, you can try to restore files using third-party software – we explain how below.
Was this guide helpful?
Be the first to comment