FoxRansom Ransomware Removal Guide

Do you know what FoxRansom Ransomware is?

It seems that cyber criminals are not going stop developing malware based on Hidden-Tear soon because new malware is released periodically. FoxRansom Ransomware is the newest infection detected by malware researchers. It did not encrypt files at the time of analysis, meaning that there is something wrong with it, or it is still in development. The more likely scenario is that it has not finished yet, our experienced researchers say. Even though it did not lock data on our testing machine, you might encounter a new version of FoxRansom Ransomware and find your files completely encrypted, so if you do not want this to happen to you, you cannot let yourself keep your system unprotected, i.e. without a trustworthy antimalware tool installed on it. Unfortunately, a bunch of users understand the importance of having security software enabled only after they encounter malicious software and find all their files locked. Do not be one of those users – take care of your system’s safety before it is too late.

If you have not managed to protect your system, i.e. FoxRansom Ransomware has found a way to infiltrate your computer, you must erase this threat as soon as possible even if it has not locked any of your personal files. As mentioned, FoxRansom Ransomware did not lock files during the analysis, but our specialists still managed to find out how it should act after analyzing its source code. Researchers say that a normally working version of FoxRansom Ransomware will add the .fox extension to files it encrypts. Also, it turned out that it targets only some specific files. Data it affects contains the following extensions: .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, and, .psd. It should not lock files in all folders on the affected computer – it searches for a Teszt folder on Desktop (%USERPROFILE%\Desktop). If the folder is not found, the decryption of files does not take place. We suspect that you will not have such a folder on your computer and thus will not find a single file locked on your PC (unless the ransomware infection is updated) if you encounter FoxRansom Ransomware. Do not forget that you need to delete this threat from your system no matter it has locked data on your PC or not.FoxRansom Ransomware Removal GuideFoxRansom Ransomware screenshot
Scroll down for full removal instructions

FoxRansom Ransomware was not distributed actively at the time of writing, and it is not very likely that this is going to change soon because, as you already know, the threat is still in development. Of course, it does not mean that it cannot become a prevalent infection. If cyber criminals update FoxRansom Ransomware and start promoting it, the most likely scenario is that it will infiltrate your computer after you open a malicious email attachment because this infection, according to our team of experts, should be mainly spread via attachments. Of course, it does not mean that it cannot be distributed in a different way as well. Our specialists have already noticed that users often download malware from the web as well. It is the reason you should always download applications only from reliable websites. For the maximum system’s protection against malicious software, you should also install an antimalware scanner on your PC.

There are some threats that are extremely hard to erase. Usually, the most harmful threats are the hardest to delete from the system. Luckily, FoxRansom Ransomware is not one of them. If you follow the manual removal guide provided below, it will not take long to get rid of it. It drops only one component – its ransom note READ_IT.txt on Desktop, but you will also have to erase its launcher by deleting recently downloaded/opened suspicious files, as you can see.

How to remove FoxRansom Ransomware

  1. Press Ctrl+Shift+Esc.
  2. Check all active processes under Processes and kill the malicious process.
  3. Open Windows Explorer.
  4. Check the following directories and delete suspicious files: %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP%.
  5. Remove READ_IT.txt dropped on your computer.
  6. Empty Trash.

In non-techie terms:

FoxRansom Ransomware is a new threat based on Hidden-Tear. It still seems to be in development because, unlike a typical ransomware infection, it does not encrypt files on affected computers. It only drops a ransom none that contains one sentence. It does not mean that it is safe to keep this infection active on the system – there is a risk that it will get an update and then will mercilessly lock the entire computer.