Fadesoft Ransomware

Fadesoft Ransomware Overview
The Fadesoft ransomware is a virus that shows typical behavior patterns. It encrypts target user files and extorts the victims for a ransom fee payment.

The initial security analysis does not conclude if the virus is based on any existing famous malware families. However we do know that it is able to bypass the UAC (User Account Control) prompt. All network traffic with the remote C&C servers is carried out through the TOR and Privoxy networks.

The built-in encryption engine uses the AES cipher and encrypts a large amount of different file type extensions.

Fadesoft Ransomware Affected File Types
".indl, .gdb, .xls, .odb, .xlt, .cas, .apk, .nsf, .cdr, .wav, .mpg, .xlam, .epk, .dxf, .mcmeta, .wb2, .py, .tex, .pmd, .dwk, .litemod,"".mp4, .rm, .kdc, .prel, .nv2, .erf, .x3f, .arj, .rgss3a, .mpa, .xltm, .mdf, .nbf, .qic, .sko, .mov, .mpe9, .accdb, .iwi, .vcxproj, .upk,"".4db, .tar, .dwfx, .xml, .saj, .potm, .ofx, .m2, .sum, .qbb, .mpqge, .db0, .sid, .dotm, .vfs0, .slm, .docx, .bc7, .sldm, .zip, .gif, .vdf,"".lua, .ps, .3gp, .asf, .vpk, .wps, .snx, .pak, .pfx, .srw, .dbx, .sidn, .txt, .ntl, .gif, .psw, .raf, .gho, .rar, .bak, .doc, .wdb, .php,"".swf, .ifx, .sql, .mef, .w3x, .bkf, .pef, .pst, .vcf, .xla, .t13, .fla, .re4, .png, .kf, .flv, .mpd, .mlx, .m3u8, .bc6, .m4u, .odm, .efx,"".msg, .xlsx, .tax, .ppj, .rtf, .aep, .ppt, .jpeg, .key, .iff, .3fr, .ff, .pdf, .7zip, .dat, .bsa, .ltx, .bay, .m, .hvpl, .dmp, .aet, .pgp,"".max, .docb, .bar, .mddata, .fpk, .big, .class, .der, .ibank, .7z, .jpg, .p12, .bpw, .crw, .odt, .ztmp, .syncdb, .sb, .layout, .idx, .idml,"".rw2, .mpp, .xf, .bkp, .aepx, .c, .fsh, .nba, .ppam, .plc, .ncf, .odp, .kdb, .dcr, .ava, .menu, .qba, .sis, .xlm, .jar, .dtd, .itl, .dxg,"".fos, .aaf, .dot, .arw, .cs, .pdd, .as3, .gpg, .map, .ai, .dbf, .desc, .forge, .tor, .mdb, .srf, .xltx, .icxs, .qfx, .fdb, .asp, .vtf,"".cfr, .vob, .dotx, .sdf, .crp, .asset, .potx, .sie, .m3u, .sdc, .lbf, .pptm, .bmp, .nrw, .ses, .kdbx, .docm, .3ds, .wotreplay, .tif,"".hplg, .aes, .x1w, .csv, .as, .vpp_pc, .psd, .sav, .sldx, .itm, .pps, .wallet, .indb, .hpp, .rwl, .psk, .r3d, .ppsx, .gxk, .inx, .dazip,"".arch00, .PAS, .gbo, .hkdb, .pot, .pl, .d3dbsp, .ra, .qbw, .cpp, .iso, .prproj, .pem, .raw, .orf, .plb, .lrf, .ptx, .dng, .indt, .db,"".svg, .mrwref, .indd, .esm, .das, .x11, .bik, .xlk, .odc, .obi, .avi, .blob, .t12, .xqx, .wma, .java, .tib, .p7b, .sxc, .pkpass, .h,"".accdt, .ksd, .3dm, .asx, .dwg, .crt, .ppsm, .backup, .wpd, .wmv, .4dd, .xlsm, .mdbackup, .rb, .jpe, .cer, .mid, .tbl, .pptx, .3g2, .aif,"".hkx, .pdb, .ass, .itdb, .xxx, .cr2, .sr2, .rim, .js, .dba, .iwd, .myo, .eml, .eps, .ods, .sidd, .mp3, .1v1, .xlsb"

Fadesoft Ransomware Note
YOUR PERSONAL FILES ARE ENCRYPTED ! "All your important files stored on this computer and attached drives have been encrypted""using strong AES-256 + RSA-2048 cryptography algorithms.""Click on [SHOW LOCKED FILES] button to see which files have been encrypted.""The only way to recover your files is to obtain a unique private decryption key stored on""our server. There is no other way to decrypt your data without the private key.""To receive the private key, you have to buy Bitcoins and send 0.33 BTC to our address.""You can buy bitcoins on www.localbitcoins.com or use GOOGLE to find out how to buy""and send bitcoin in your region.""YOU HAVE 96 HOURS (4 DAYS) TO PAY BEFORE THE DECRYPTION KEY IS DESTROYED""ON OUR SERVER. AFTER THIS TIME YOUR DATA WILL BE LOST FOREVER!""Dont try to delete me if you want your files back. YOU HAVE BEEN WARNED.""Click on [DECRYPT MY FILES] button if you have already paid.""Decryption process is fully automated.""send 0.33 BTC to this address:""XXXXXXXXXXXXXXXXXXXXXXXXXX"

Fadesoft Ransomware Distribution
The Fadesoft ransomware is delivered via the most popular infection techniques - spam email messages, browser hijackers and dangerous redirects. In many cases malware can be delivered bundled with software installers available on various pirate sites and BitTorrent trackers.

Fadesoft Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.