FUCKaNDrUN Ransomware Removal Guide

If you have the misfortune of facing FUCKaNDrUN Ransomware, you need to act fast. Although it is unlikely that you will be able to stop this malware from encrypting your files, you might be able to remove it and restore the normal order of things. The biggest issue with this threat is that it encrypts files, and, at the time of research, there was no sure way of getting them decrypted. The infection comes from the Hidden Tear family (just like JesusCrypt Ransomware, TrumpHead Ransomware, and others), and free decryptors compatible with this malware have been created. However, not all variants can be decrypted, and so you should not get your hopes up just yet. That being said, you should definitely try out legitimate tools before admitting defeat. Can you restore files by deleting FUCKaNDrUN Ransomware? Unfortunately, you cannot, but this threat must be eliminated as soon as possible.

You are unlikely to notice when FUCKaNDrUN Ransomware slithers into your operating system because it can hide within spam emails (as harmless-looking files) and bundled downloaders. Of course, if you download the launcher of the infection, and you quickly realize that the file is not what you expected it to be, you might be able to delete it before files are encrypted. Unfortunately, most people realize that they need to remove FUCKaNDrUN Ransomware only after all files are encrypted. At least 68 different types of files – including .exe, .txt, .doc, .jpg, or .mp3 –can be corrupted by this malware, but it does not encrypt everything. Instead, it targets Contacts, Desktop, Downloads, Favorites, Links, Music, OneDrive, Pictures, Saved Games, Searches, and Videos folders in the %USERPROFILE% directory. After encryption, you should notice the “.FUCKaNDrUN” extension appended to the files’ names, and while you can delete it, you do not need to do it, unless you do not care about wasting time.

A file named “READ_IT.txt” is dropped to the Desktop by FUCKaNDrUN Ransomware after encryption. The threat also downloads a file named “pR2muPq.png” from https://i.imgur.com/. The latter file is used as a replacement for the normal Desktop wallpaper, and the message represented via it informs that files were encrypted. This is how you might learn about the attack first. The intimidating image also displays an email address – help-me-now@mail.bg – and the so-called “personal installation key.” The .TXT file is a bit more detailed, and it informs that files can be recovered using a “decryption service” offered by the attackers. They instruct you to pay a ransom of $300 in Bitcoin to their Bitcoin wallet and then send the payment information and the unique “personal installation key” to the presented email address. We do not recommend contacting the attackers because they could send you misleading, malware-ridden messages. If you pay the ransom, you are unlikely to get the files decrypted. Of course, you are free to do whatever you want, but remember that you are likely to get hurt if you choose to communicate with cybercriminals.

Not all victims of FUCKaNDrUN Ransomware will face the same fate. Even if free decryptors are not available, some victims might be able to replace the corrupted files. Of course, personal files cannot be replaced unless copies exist, and we hope that they do in your case. With more and more file-encrypting threats emerging, it is more important than ever before to set up cloud storage or external drives to create backups. After you remove FUCKaNDrUN Ransomware, you can easily eliminate the corrupted files and, if necessary, drop the replacements in their spots. Can you use internal backups? In this case, you might be able to do that, but note that many infections are able to destroy such backups. So, do you feel prepared to perform removal? While getting rid of this threat manually is a challenge, if you install an automated anti-malware program, you will have the threat erased in no time. On top of that, your system’s protection will be strengthened too!

How to delete FUCKaNDrUN Ransomware

1. Right-click and Delete the file called READ_IT.txt (on desktop).
2. Right-click and Delete the malicious {unknown name}.exe launcher file (location is unknown).
3. Change the wallpaper and then Delete the pR2muPq.PNG file used by the ransomware.
4. Empty Recycle Bin and then use a malware scanner to check the system for leftovers.