Today Michael Gillespie discovered a new EDA2 variant that I have dubbed the FSociety Ransomware based on the image used on the infection's wallpaper. Fans of Mr. Robot will instantly recognize the image as the logo of the show's infamous hacking group called FSociety.
If you do not recognize the logo and are into InfoSec, you need to watch Mr. Robot now! No joke. Stop what you're doing and go watch it!
For those of you who are still here, this ransomware is based on the open source EDA2 project released by Utku Sen back in early 2016. Like other EDA2 variants, this ransomware will encrypt data using AES encryption and then upload the RSA-encrypted decryption key to a command & control server.
Though this ransomware does work in the sense that it encrypts files, it appears that it is still being developed and not in active distribution. We know this because there are no ransom notes, no way to contact the authors to pay the ransom, and it only targets a test folder on the Windows desktop.
It also appears that the developer is such a big fan of Mr. Robot that they were so concerned about configuring the ransomware with the FSociety logo that they forgot to configure anything else.
As this ransomware is in such early development, we will be keeping an eye on it. If anything changes, I will be sure to update this article.