FSociety Mr. Robot Ransomware

FSociety wants a piece of the ransomware cake

Now that TV series have taken the lead in entertainment, with great plots and intriguing story lines, there is one featuring a young hacker named Elliot who works for a cyber-security company. The show is called Mr. Robot and has been a big surprise: it takes hacking more seriously than many other TV or cinema productions, it has an awesome soundtrack, and it even has a great title based on the classic SEGA font.


The show is focused on cyber security and includes [SPOILER AHEAD] an episode where a bank is attacked by ransomware [END OF THE SPOILER]. It was only a matter of time before malware like that was brought into existence in the real world. The latest news is that there is new ransomware on the block, apparently still under development, that pays tribute to FSociety (the hacker team from Mr. Robot), even using the same logo and font as in the series.

FSociety Ransomware is harmless … for the moment

It is based on EDA2, the open-source code for creating ransomware. It uses the Adobe PDF file icon even though it is an .exe file; after all, it does not want to look suspicious and keep you from clicking on it. Once executed, it encrypts files using AES encryption and creates an RSA key to decrypt them. So far, it only encrypts the files in a testing folder on the Windows desktop, giving them the “.locked” extension. Last but not least, and as a tribute to Mr. Robot, it also changes the desktop background image.
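A defender-side sweep for the artifact described above, as an added example that is not part of the original post or of EDA2: it walks a directory for files ending in ".locked" and uses byte entropy to separate content that looks encrypted from files that were merely renamed. The 7.5 bits-per-byte threshold, the 64 KiB sample size and the function names are assumptions.

```python
import math
import os
from collections import Counter

LOCKED_EXT = ".locked"      # extension named in the article
ENTROPY_THRESHOLD = 7.5     # assumed cut-off, in bits per byte
SAMPLE_BYTES = 65536        # assumed: only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def find_locked_files(root: str):
    """Walk root; return (path, entropy, looks_encrypted) for each *.locked file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            ent = shannon_entropy(sample)
            findings.append((path, round(ent, 2), ent >= ENTROPY_THRESHOLD))
    return sorted(findings)


def summarize(root: str) -> dict:
    """Per directory, count .locked files whose content also looks encrypted."""
    per_dir = Counter()
    for path, _ent, encrypted in find_locked_files(root):
        if encrypted:
            per_dir[os.path.dirname(path)] += 1
    return dict(per_dir)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Desktop")
    for path, ent, enc in find_locked_files(target):
        print(f"{'ENCRYPTED' if enc else 'renamed? '} {ent:4.2f} {path}")
```

Very short files measure low entropy even when encrypted, so a "renamed?" result on a file of a few hundred bytes does not clear it.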


If you know the show, you will notice that this is exactly the same logo as used by the hacking group in Mr. Robot, which makes me think about the possible reasons behind it:

  1. Some guy wanted to do exactly what we described above – nothing more, nothing less. His goal might have been to create a harmless version, but maybe it is still under development and might become as bad and as dangerous as other ransomware families.
  2. It is a viral campaign related to the show. It “infects” users so they will get curious and try to find out what FSociety is all about. Then they will find Mr. Robot and they may start watching the show.

But beware: While not a threat now, it is based on EDA2, which means it could potentially become as harmful as the rest. No matter what though – real or fake, advertisement or harmful malware still under development – we already detect it as malware.
