FunkLocker, also known as FunkSec, is a ransomware-type malware that encrypts files on infected systems and demands a ransom payment for their decryption. The cybercriminals behind this threat utilize advanced techniques to target both home users and large organizations, making it a significant threat. Below, we will take a detailed look at how FunkLocker works, the damages it causes, how it spreads, and a comprehensive guide on how to remove it using SpyHunter.
Summary of FunkLocker (FunkSec) Ransomware
| Category | Details |
|---|---|
| Threat Name | FunkLocker (FunkSec) |
| Threat Type | Ransomware, Crypto Virus, Files Locker |
| Encrypted Files Extension | .funksec |
| Ransom Note File Name | README-[random_string].md |
| Ransom Amount | 0.1 BTC (Bitcoin cryptocurrency) |
| Cyber Criminal Contact | Tor network website, Session messenger |
| Cyber Criminal Cryptowallet | bc1qrghnt6cqdsxt0qmlcaq0wcavq6pmfm82vtxfeq |
| Free Decryptor Available? | No |
| Detection Names | Avast (Win64:MalwareX-gen [Trj]), Combo Cleaner (Trojan.GenericKD.75295749), ESET-NOD32 (A Variant Of Generik.GZBNBIS), Kaspersky (Trojan.Win32.DelShad.myd), Microsoft (Trojan:Win32/Wacatac.B!ml) |
| Symptoms | Files become inaccessible with a .funksec extension, ransom message on desktop, inability to open encrypted files |
| Distribution Methods | Infected email attachments (macros), torrent websites, malicious ads, fake software updates |
| Damage | All files are encrypted and cannot be accessed without paying the ransom. Malware may install other infections as well. |
| Danger Level | High: Encryption of files, potential data theft, additional infections |
How FunkLocker (FunkSec) Works
Once the FunkLocker ransomware is executed, it begins encrypting files on the infected computer. Each encrypted file has the “.funksec” extension appended to its original name, rendering it inaccessible. For example, “1.jpg” is renamed to “1.jpg.funksec”. The encrypted files are held hostage, and the victim is confronted with a ransom note titled “README-[random_string].md”.
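To scope how much of a disk or share was hit, the two artifacts described above can be searched for directly. The following is an added example, not code from this article or from any vendor tool: it assumes the random part of the note name can be any string, and it confirms a note by the “FUNKLOCKER DETECTED” heading quoted in the ransom message text on this page; the function names are hypothetical.

```python
import os
import re
from collections import Counter

ENC_SUFFIX = ".funksec"                           # extension reported on this page
NOTE_NAME = re.compile(r"^README-.+\.md$", re.I)  # README-[random_string].md; format of random part assumed
NOTE_MARKER = "FUNKLOCKER DETECTED"               # heading of the note text quoted on this page


def is_ransom_note(path):
    """Name must match AND the file must carry the note heading near the top,
    so an ordinary README-something.md is not reported."""
    if not NOTE_NAME.match(os.path.basename(path)):
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER in fh.read(4096).upper()
    except OSError:
        return False  # unreadable file: do not count it as a note


def triage(root):
    """Walk root; return encrypted files, ransom notes and per-directory counts."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # "1.jpg.funksec" -> original name "1.jpg" (useful for matching backups)
                encrypted.append((full, name[:-len(ENC_SUFFIX)]))
                per_dir[dirpath] += 1
            elif is_ransom_note(full):
                notes.append(full)
    return {"encrypted": encrypted, "notes": notes, "per_dir": dict(per_dir)}


if __name__ == "__main__":
    import sys
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['encrypted'])} encrypted file(s), "
          f"{len(report['notes'])} ransom note(s)")
    for directory, count in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {directory}")
    for note in report["notes"]:
        print("note:", note)
```

The scan only reads file names and the first 4 KB of candidate notes, so it is safe to run against a mounted copy of the affected volume before any cleanup.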
Ransom Note
The ransom note demands that the victim pay 0.1 BTC (Bitcoin cryptocurrency) to receive a decryption tool. At the time of writing, 0.1 BTC is valued at approximately 10,000 USD, but the exact amount fluctuates due to the volatile nature of cryptocurrency markets.
The note provides detailed instructions on how to obtain Bitcoin and transfer it to the cybercriminal’s wallet address. It also warns the victim against contacting authorities or third parties, as well as trying to tamper with the infected files. The message closes with a boastful tone: “Start dancing, ’cause the funk’s got you now!”
Ransom Payment Details
- Ransom Fee: 0.1 BTC
- Payment Instructions:
  - Buy 0.1 Bitcoin from platforms like Coinbase or Blockchain.
  - Download the Session app from the provided link.
  - Use the app to communicate with the attackers and receive the decryption key.
How FunkLocker Spreads
FunkLocker typically spreads through malicious attachments in phishing emails, fake software updates, torrent websites, and malicious ads (malvertising). Once a user clicks on an infected file, it executes and begins the encryption process. Some variants of ransomware can also self-propagate through local networks and removable storage devices, like USB drives.
The Dangers of FunkLocker
The primary danger of FunkLocker is the encryption of important files such as documents, images, and videos, rendering them inaccessible without the decryption tool. In addition to encryption, the malware may install additional trojans that steal passwords and personal information, causing further harm. Paying the ransom does not guarantee the attackers will provide the decryption key, making it a risky and ineffective solution.
How to Remove FunkLocker (FunkSec) Ransomware?
If you’ve been infected with FunkLocker, the first step is to ensure that the ransomware is completely removed from your system. SpyHunter is a reliable anti-malware tool that can help in identifying and removing FunkLocker from your computer. Here’s a step-by-step guide:
Step 1: Download and Install SpyHunter
- Download SpyHunter.
- Run the installer and follow the on-screen instructions to complete the installation.
- Once installed, launch SpyHunter.
Step 2: Perform a Full System Scan
- In SpyHunter, select the “Full Scan” option to check your system for malware.
- The scan will search for FunkLocker and any other potential threats on your computer.
- Wait for the scan to complete (this may take several minutes, depending on your system’s specifications).
Step 3: Remove Detected Threats
- After the scan, SpyHunter will display a list of threats found on your system.
- Select the “Fix” option to remove FunkLocker (FunkSec) ransomware and any other malware.
- SpyHunter will proceed to remove the ransomware from your system. Files that were already encrypted stay encrypted until they are restored from a backup (Step 4).
Step 4: Restore Files (if Backup is Available)
- If you have backups of your encrypted files, use the backup to restore your files after the ransomware has been removed.
- Ensure your backups are secure and kept in separate locations (e.g., external hard drives, cloud storage).
Preventing Future FunkLocker (FunkSec) Infections
While removing FunkLocker is crucial, it’s even more important to take steps to prevent future infections. Here are several preventive measures to help safeguard your system:
- Use a Reputable Anti-Malware Program: Keep SpyHunter or a similar anti-malware tool active on your system to detect and block ransomware and other malicious threats.
- Regular Backups: Back up important files regularly and store them in multiple secure locations (external drives, cloud services). This ensures that even if you are attacked, you can recover your data without paying the ransom.
- Be Cautious with Email Attachments: Do not open attachments or click on links in unsolicited or suspicious emails, especially if they are from unknown senders.
- Update Software Regularly: Ensure that your operating system and all installed software are up to date with the latest security patches.
- Enable Multi-Factor Authentication: If available, enable multi-factor authentication (MFA) on your accounts, especially for sensitive applications like banking or work-related tools.
- Avoid Suspicious Websites: Avoid downloading software from untrusted sources, torrent sites, or clicking on malicious ads.
- Educate Yourself and Others: Stay informed about the latest cybersecurity threats and educate others around you to reduce the risk of social engineering attacks.
Conclusion
FunkLocker (FunkSec) ransomware is a dangerous threat that can cause significant damage by encrypting critical files and demanding ransom. It is spread through phishing emails, malicious attachments, and fake software updates. While paying the ransom is not recommended, SpyHunter provides an effective way to remove FunkLocker from your system.
By following the steps above and implementing preventive measures, you can protect yourself from future ransomware infections. Remember, regular backups and a proactive approach to cybersecurity are essential in today’s threat landscape.
Text Presented in the Ransom Message
# FUNKLOCKER DETECTED
**Congratulations** Your organization, device has been successfully infiltrated by funksec ransomware!
## **Stop**
– Do NOT attempt to tamper with files or systems.
– Do NOT contact law enforcement or seek third-party intervention.
– Do NOT attempt to trace funksec’s activities.
## **What happened**
– Nothing, just you lost your data to ransomware and can’t restore it without a decryptor.
– We stole all your data.
– No anti-virus will restore it; this is an advanced ransomware.
## **Ransom Details**
– Decryptor file fee: **0.1 BTC**
– Bitcoin wallet address: `bc1qrghnt6cqdsxt0qmlcaq0wcavq6pmfm82vtxfeq`
– Payment instructions:
1. Buy 0.1 bitcoin.
2. Install session from: hxxps://getsession.org/
3. Contact us with this ID to receive the decryptor: 0538d726ae3cc264c1bd8e66c6c6fa366a3dfc589567944170001e6fdbea9efb3d
## **How to buy bitcoin**
– Go to [Coinbase](hxxps://www.coinbase.com/) or any similar website like [Blockchain](hxxps://www.blockchain.com/), use your credit card to buy bitcoin (0.1 BTC), and then send it to the wallet address.
## **Who we are**
– We are an advanced group selling government access, breaching databases, and destroying websites and devices.
## **Websites to visit**
–
*Start dancing, ’cause the funk’s got you now!*
Sincerely,
Funksec cybercrime