The USA Network TV show, Mr. Robot, turns out to be not only loved by millions of fans but also pretty inspirational for malware developers. Cyber crooks are currently developing a Mr. Robot-based piece of ransomware, using the FSociety name and logo.
The show is about the life of the talented security engineer Elliot, who also has a second personality as Mr. Robot, the leader of the FSociety hacking team. The series made a strong debut with its first season, winning a Golden Globe for Best Television Series – Drama.
The show represents all hacks and technical details very precisely and accurately. In fact, the infosec community was so impressed by the show, and respected it so much, that it nominated the security expert consulting on the show, Marc Rogers, for a Pwnie Award for Epic Achievement at this year’s Black Hat security conference.
The pilot episodes of season 2 revolve around a piece of ransomware launched by Mr. Robot's crew, which targets ECorp, the huge corporation they are trying to destroy. The ransomware used in the show looked pretty similar to the real-life CryptoWall.
The actual Mr. Robot-based ransomware, named FSociety, was uncovered by the security researcher Michael Gillespie. Even though it is still a work in progress, its ransom screen really does include the FSociety logo.
Lawrence Abrams of Bleeping Computer also confirms that the FSociety ransomware is only in the very first stages of development and is far, far away from its truly effective on-screen counterpart.
For now, all the ransomware does is lock a couple of files using a basic encryption scheme and display a ransom screen with the FSociety logo. It doesn’t show any messages, notes or any other text. It doesn’t even show a ransom sum. In other words, it does nothing.
Moreover, a deeper analysis showed researchers that FSociety is not even original but just another piece of ransomware based on EDA2. EDA2 is known for containing a backdoor, which gives researchers the opportunity to restore data from its C&C servers.
EDA2 was released by its developer, Utku Sen, in 2015. His idea was to help researchers figure out how cybercriminals think and, most importantly, how they code. EDA2 encrypts each file individually with an AES key. Then it takes this encryption key and encrypts it with a two-key RSA algorithm, with one key stored locally and the other stored on the crook’s server.
However, things didn’t go as well as planned and EDA2 was taken down. Ever since, many pieces of ransomware have been created based on it, but the most effective ones still remain Locky, Cerber and CryptXXX.
For the moment, the real-life FSociety ransomware is not even remotely close to being as effective as its developers want it to be.