Fappy is a ransomware-type malicious program, mapped as part of Hidden Tear ransomware family (open-source ransomware trojan that targets computers running Microsoft Windows). Fappy is quite recent and was spotted in September of 2020.
Fappy is primarily spread via phishing campaigns, illegal activation tools, illegitimate updaters, and untrustworthy download sources. It was created to encrypt data after which the operators demand ransom for the decryption, as a result of which fappy is also known as the file-locking ransomware.
During the encryption process, all infected files are renamed with the “.Fappy” extension. For instance, a file named “one[.]jpg” is encrypted as “one[.]jpg[.]Fappy,” as soon as it is infected by the virus. The operators demand 11.76 USD in BTC (0.00117 BTC), to unlock the files; the victims are also instructed to send proof of transfer.
Attackers send deceptive, phishing emails with words such as ‘official’, ‘urgent’, ‘important’ to create a sense of urgency and to invoke panic.
The ransom that Fappy operators demand is a mere 11.76 USD which suggests that their target is not corporate giants but common people, which only makes it worse. This gives them leverage to expand their campaign on a massive scale.
Encrypted Files Extension- [.]Fappy
Ransom Demanding Message- HOW TO DECRYPT FILES.txt