Mr. Robot’s fsociety ransomware is here

Aug 22, 2016360TS

Mr Robot's fsociety ransomware wallpaper on infected computers

A new type of ransomware has been discovered recently. This ransomware, known as fsociety ransomware, is a variant of EDA2, and what makes it special is that it is named after the hacker group in the TV fiction series Mr. Robot.

In the series, fsociety is a hacking group that tries to bring down E Corp, a financial conglomerate, with the purpose of altering the current world order. In one of the attacks against E Corp, fsociety uses a ransomware that resembles the real malware CryptoWall, but displaying a wallpaper with an image of the infamous mask used by the group.

Besides its interesting plot, the series has been praised by the InfoSec community for the technical accuracy of the hacks performed by its characters.

Real-life fsociety ransomware has been discovered by security researcher Michael Gillespie, and apparently it is still at an early stage of development. Fsociety ransomware is still not propagating on the net, and according to the researcher, currently it only targets a test folder on Windows. The malware leaves no ransom notes nor author contact information to pay the ransom. Its ransom screen, however, does show fsociety’s mask.

Fsociety malware is based in EDA2. EDA2 is an open source project created in 2015 by Utku Sen, with the purposed of helping researchers to understand malware and cybercriminals coding. EDA2-based ransomware uses AES encryption to lock user’s access to its files, encrypts the encryption key itself and uploads it to a specific server.

Although this malware has not extended yet, it is prudent to keep an eye on its evolution during the following months.