
What is Factfull Ransomware?

Factfull ransomware is a type of malware that encrypts all the files on a computer until the user pays a ransom. Files encrypted by Factfull will have a .factfu extension appended at the end of the file name. Factfull is delivered through a Win32 EXE file and has been spotted inside the following files and processes: asdasdasdsa, 7zipInstdsdl.exe, 1.exe, 7af94510880340c6028fbf64242e59fabecb4da053ffc9501b2df4065250a79b.sample, and 1b89064576d13b8bd653af2ee917d954.virus.
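The appended .factfu extension gives defenders a simple detection signal. The following is an added example, not part of the original article: it flags hosts that create several .factfu files within a short window and recovers the original file names to scope a restore. The event format, host names, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

FACTFULL_EXT = ".factfu"          # extension the article says Factfull appends
WINDOW = timedelta(seconds=60)    # assumed burst window
THRESHOLD = 3                     # assumed alert threshold (kept low for the sample)

# Constructed sample file-creation events: "ISO timestamp,host,file path"
SAMPLE_EVENTS = r"""
2024-01-10T09:00:01,WS-01,C:\Users\amy\Documents\q1.xlsx.factfu
2024-01-10T09:00:02,WS-01,C:\Users\amy\Documents\notes.txt.factfu
2024-01-10T09:00:03,WS-02,C:\Users\bob\Desktop\todo.txt
2024-01-10T09:00:05,WS-01,C:\Users\amy\Pictures\cat.jpg.factfu
2024-01-10T09:05:00,WS-02,C:\Users\bob\Downloads\old.factfu
2024-01-10T09:30:00,WS-02,C:\Users\bob\Desktop\x.pdf.factfu
"""

def parse(line):
    """Split one event line into (timestamp, host, Windows path)."""
    ts, host, path = line.split(",", 2)
    return datetime.fromisoformat(ts), host, PureWindowsPath(path)

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {host: [original file names]} for hosts that create at least
    `threshold` *.factfu files within `window`. Events must be time-ordered."""
    recent = defaultdict(deque)   # host -> (timestamp, path) pairs still inside the window
    alerts = {}
    for line in filter(None, map(str.strip, lines)):
        ts, host, path = parse(line)
        if path.suffix.lower() != FACTFULL_EXT:
            continue              # not a file carrying the appended extension
        q = recent[host]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        if len(q) >= threshold and host not in alerts:
            # stem strips only the appended extension: q1.xlsx.factfu -> q1.xlsx
            alerts[host] = [p.stem for _, p in q]
    return alerts

if __name__ == "__main__":
    for host, names in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(host, "possible Factfull encryption, affected files:", names)
```
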

What is Ransomware?

Ransomware is a type of malware that encrypts a user’s files, holds them hostage, and demands a ransom payment to restore access to the data when the attack is over. Hackers use ransomware as a way to extort organizations, governments and individuals for money. They typically target organizations with valuable data and encrypt the victim’s files to prevent access. The victim is then presented with instructions for how to pay a ransom to get the decryption key.

How Does Ransomware Spread?

Ransomware is commonly spread through spam emails, social engineering, or drive-by downloads. Once the malware is installed, it will encrypt files and append an extension, such as .enc or .ransom, to the names of the files.

Factfull Ransomware Capabilities

Factfull ransomware uses File and Directory Discovery attack techniques to find specific information within a file system. The information is used to shape follow-on behaviors, including whether or not the adversary fully infects the target.

Factfull ransomware also uses System Information Discovery attack techniques to gather detailed information about the target operating system and hardware. This information is used to shape the ransomware's subsequent behavior, including whether or not the ransomware fully infects the target. Factfull ransomware may also use IaaS cloud providers to access instance and virtual machine information.

Mitigations Against Factfull Ransomware

Factfull ransomware attacks can be mitigated by using toolkits like the PowerSploit framework, which contains modules that can be used to explore systems for permission weaknesses in scheduled tasks that could be used to escalate privileges. Factfull ransomware can also be mitigated by using file system access controls to protect folders such as C:\Windows\System32.

Here are a few other measures to avoid ransomware infections, which you can also use as guidelines with staff:

  1. Limit privileges of user accounts and remediate Privilege Escalation vectors so only authorized administrators can create scheduled tasks on remote systems.
  2. Use application whitelisting to prevent unauthorized applications from running on systems.
  3. Back up data regularly and store the backups in a secure location.
  4. Install and regularly update antivirus software.
  5. Educate employees about ransomware and how to identify malicious emails and attachments.

How to Remove Ransomware?

To get rid of ransomware, you will need to restore your computer from backup, if you have one. Otherwise, you can use a system recovery disc to wipe the computer and reinstall the OS and any programs you need. If you don't have a backup, you can try to use an antivirus program to remove the ransomware. However, this is only possible if the ransomware hasn't encrypted all your files.

How to Protect Against Ransomware?

Be Careful What You Download: While there are some useful programs on the internet, there are also malicious ones. Only download programs and files from trusted sources. Don't download anything from that source if you see any red flags, such as strange file extensions or unknown email addresses.

Keep Your Software Updated: The biggest security hole in most computers is software that is not correctly patched. If a hacker can find a hole in your software, they can use it to get access to your computer. Keeping your software patched makes it harder for hackers to find those holes.

Use Antivirus Software: There are many types of antivirus software, but the most important kind is one that automatically scans downloaded files for malicious content.

Reactionary Times News Desk
