FunkLocker, also known as FunkSec, is a dangerous and highly disruptive type of ransomware that encrypts your files and demands a ransom for their decryption. This guide will give you a detailed overview of FunkLocker’s operations, how to remove it using SpyHunter, and how to protect yourself from future infections.
What is FunkLocker (FunkSec)?
FunkLocker, also referred to as FunkSec, is a ransomware-type malware that encrypts a victim’s files and demands payment to decrypt them. Once the ransomware infects a computer, it appends the .funksec extension to encrypted files, making them inaccessible to the user. FunkSec typically spreads through phishing emails, malicious ads, or infected websites. The ransom demand is issued through a file titled “README-[random_string].md,” and the victim is instructed to pay 0.1 BTC (Bitcoin) for the decryption tool.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
How FunkLocker (FunkSec) Works
Once FunkLocker infects a system, it executes a series of actions to lock the user's files and demand payment for their restoration:
- File Encryption: The ransomware encrypts files on the infected system and changes their file extensions to
.funksec. For example, a file named1.jpgwill be changed to1.jpg.funksec. - Ransom Note: FunkSec creates a ransom note titled
README-[random_string].md, which is displayed to the victim. This note contains information about the attack and the ransom demand. - Encryption Algorithm: FunkLocker uses strong encryption to lock files, making it nearly impossible to decrypt them without the proper decryption key.
- Ransom Demand: The attackers demand 0.1 BTC (roughly 10,000 USD depending on exchange rates) for the decryption key. Victims are instructed to send the Bitcoin payment to a specified wallet address.
- Payment Instructions: The ransom note provides detailed instructions for purchasing Bitcoin and transferring it to the cybercriminals’ wallet. Victims are also warned not to contact authorities or attempt to tamper with the encrypted files.
Symptoms of FunkLocker (FunkSec) Infection
If your system has been infected with FunkLocker, here are the common symptoms you may experience:
- Inaccessible Files: Files on your computer will no longer open. They will have the
.funksecextension appended to their names. - Ransom Note: A file named
README-[random_string].mdwill be created on your desktop, containing ransom instructions. - Locked Screen: The ransomware may change your desktop wallpaper to a ransom-related image.
- Inability to Access Files: When attempting to open encrypted files, you will receive an error message or the file will not open at all.
Threat Summary
| Attribute | Details |
|---|---|
| Threat Name | FunkLocker (FunkSec) |
| Type | Ransomware, Crypto Virus, File Locker |
| Encrypted File Extension | .funksec |
| Ransom Note File Name | README-[random_string].md |
| Ransom Amount | 0.1 BTC (approx. 10,000 USD) |
| Cyber Criminal Cryptowallet | bc1qrghnt6cqdsxt0qmlcaq0wcavq6pmfm82vtxfeq |
| Free Decryptor Available? | No |
| Cyber Criminal Contact | Tor network website and Sessions messenger |
| Detection Names | Avast, Combo Cleaner, ESET, Kaspersky, Microsoft, etc. |
| Symptoms | Files encrypted with .funksec extension, ransom note |
| Distribution Methods | Phishing emails, malicious ads, infected websites |
| Damage | Files are encrypted and inaccessible without payment, additional malware infections may occur |
| Danger Level | High – Critical data loss and potential additional malware infections |
How FunkLocker (FunkSec) Infects Your Computer
FunkLocker spreads mainly through phishing emails, malicious ads, and infected websites. Here's how it can sneak into your system:
- Phishing Emails: FunkSec often spreads via emails with malicious attachments or links. The attachments could be disguised as legitimate documents, such as PDF files or Word documents, that contain macros. Once opened, these macros run scripts that download and execute the ransomware.
- Malicious Ads (Malvertising): FunkSec may also be delivered through infected ads on websites, redirecting you to malicious landing pages that automatically download and run the ransomware.
- Infected Websites: Visiting a compromised website can also result in the download and execution of FunkLocker without your knowledge. These sites often exploit vulnerabilities in outdated web browsers or plugins.
- Torrent Sites: Malicious torrents offering illegal or pirated content can also deliver the ransomware. These torrents often contain bundled malicious files that execute once the user opens them.
How to Remove FunkLocker (FunkSec) with SpyHunter
If your computer is infected with FunkLocker (FunkSec), it’s crucial to remove the ransomware immediately to prevent further damage and file encryption. Here’s a step-by-step guide on how to remove FunkLocker using SpyHunter:
- Download SpyHunter: Download the latest version of the software. Ensure you are downloading from a trusted source to avoid additional malware.
- Install SpyHunter: Follow the on-screen instructions to install SpyHunter on your computer. Make sure to accept the terms of service and complete the installation.
- Update the Software: After installation, run SpyHunter and update the database to ensure it can detect the latest threats, including FunkLocker (FunkSec).
- Run a Full System Scan: Launch SpyHunter and perform a Full System Scan. The software will scan your computer for FunkLocker and any other malware infections that might be present.
- Review and Remove Threats: Once the scan is complete, SpyHunter will display a list of detected threats. Carefully review the results, and choose to Remove All to eliminate FunkLocker and any associated threats.
- Restart Your Computer: After the removal process is complete, restart your computer to ensure all components of FunkLocker are fully removed.
- Restore Your Files: If you have a backup of your files, you can restore them now. If not, unfortunately, there’s no free decryptor available for FunkLocker, and you may need to consider professional data recovery services.
Preventive Methods to Avoid Future Infections
Once you’ve dealt with the FunkLocker (FunkSec) ransomware, it’s important to take steps to avoid future infections. Here are some preventive measures you can take:
- Use Strong Security Software: Install and regularly update reliable security software, such as SpyHunter, to detect and block ransomware before it can infect your system.
- Avoid Suspicious Emails and Links: Be cautious when opening email attachments or clicking on links from unknown senders. Always verify the source of any email or message before interacting with it.
- Regular Backups: Regularly back up your files to multiple separate locations, including remote servers, external hard drives, and cloud storage services. This ensures you can restore your files in case of a ransomware attack.
- Update Your Software: Keep your operating system, applications, and antivirus software up to date. Install security patches and updates to fix vulnerabilities that could be exploited by ransomware.
- Disable Macros: Disable macros in Microsoft Office and other applications to prevent malware from executing automatically from email attachments.
- Be Careful with Torrents and Pirated Content: Avoid downloading torrents or pirated software, as these are common methods for distributing ransomware.
Conclusion
FunkLocker (FunkSec) ransomware is a dangerous malware that can encrypt your files and demand a ransom for their decryption. While it’s important to avoid paying the ransom, removing the ransomware as soon as possible and taking steps to protect your system from future infections is crucial. By following the steps outlined in this guide and using SpyHunter to remove the ransomware, you can protect your computer and restore your files. Always remember to back up your files regularly and use security software to prevent future attacks.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
Text Presented in the Ransom Message
# FUNKLOCKER DETECTED
**Congratulations** Your organization, device has been successfully infiltrated by funksec ransomware!
## **Stop**
- Do NOT attempt to tamper with files or systems.
- Do NOT contact law enforcement or seek third-party intervention.
- Do NOT attempt to trace funksec's activities.
## **What happened**
- Nothing, just you lost your data to ransomware and can't restore it without a decryptor.
- We stole all your data.
- No anti-virus will restore it; this is an advanced ransomware.
## **Ransom Details**
- Decryptor file fee: **0.1 BTC**
- Bitcoin wallet address: `bc1qrghnt6cqdsxt0qmlcaq0wcavq6pmfm82vtxfeq`
- Payment instructions:
1. Buy 0.1 bitcoin.
2. Install session from: hxxps://getsession.org/
3. Contact us with this ID to receive the decryptor: 0538d726ae3cc264c1bd8e66c6c6fa366a3dfc589567944170001e6fdbea9efb3d
## **How to buy bitcoin**
- Go to [Coinbase](hxxps://www.coinbase.com/) or any similar website like [Blockchain](hxxps://www.blockchain.com/), use your credit card to buy bitcoin (0.1 BTC), and then send it to the wallet address.
## **Who we are**
- We are an advanced group selling government access, breaching databases, and destroying websites and devices.
## **Websites to visit**
-
*Start dancing, 'cause the funk's got you now!*
Sincerely,
Funksec cybercrime
