This malware is designed to encrypt files and append the “.lock75” extension to associated filenames (for example, “sample.jpg” might be renamed to “sample.jpg.lock75”). After infiltrating the system and encrypting files, Fluffy-TAR displays a pop-up window and places the “fluffy.png” file (an image of an animation) on the desktop.
The pop-up window contains a ransom-demand message available in English and French. It states that files are encrypted and that decryption requires a unique key. To receive this key, victims must pay a ransom of .039 Bitcoin (approximately $45).
The Trojan may run as ‘Fluffy-TAR.exe’ and ‘Fluffy.exe’ from the Temp and AppData directories on infected machines. We should note that the executable can be configured to use random names that are unique for every compromised system. The ‘critical security warning’ window supports bilingual text and a five-day countdown timer.
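As an added example (not from the original article or any vendor tool), the following Python triage checks one user profile for the indicators named above: the “.lock75” extension, “fluffy.png” on the desktop, and the default executable names. The function names, the report layout, the assumption that the per-user Temp folder sits under AppData, and the constructed sample tree are all illustrative.

```python
import os
from pathlib import Path

LOCK_EXT = ".lock75"                          # appended extension, from the article
NOTE_IMAGE = "fluffy.png"                     # image placed on the desktop
EXE_NAMES = {"fluffy-tar.exe", "fluffy.exe"}  # default names; may be randomized


def _walk_files(root):
    """Yield every file under root; unreadable directories are skipped."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            yield Path(dirpath) / name


def triage(profile):
    """Collect Fluffy-TAR indicators under one user profile directory."""
    profile = Path(profile)
    report = {"restore_list": [], "note_image": None, "executables": []}

    # Files carrying the appended extension, paired with the original path
    # (the name with ".lock75" stripped) to look for in backups.
    for path in _walk_files(profile):
        if path.name.lower().endswith(LOCK_EXT) and len(path.name) > len(LOCK_EXT):
            original = path.with_name(path.name[: -len(LOCK_EXT)])
            report["restore_list"].append((path, original))

    image = profile / "Desktop" / NOTE_IMAGE
    if image.is_file():
        report["note_image"] = image

    # Name matches under AppData (assumed to contain the per-user Temp folder)
    # are a weak signal: the article notes the executable name can be random.
    for path in _walk_files(profile / "AppData"):
        if path.name.lower() in EXE_NAMES:
            report["executables"].append(path)

    report["likely_infected"] = bool(report["restore_list"] or report["note_image"])
    return report


def build_sample_profile(base):
    """Create a constructed profile tree for demonstration (no real malware)."""
    base = Path(base)
    for rel in ("Desktop/fluffy.png", "Documents/sample.jpg.lock75",
                "Documents/notes.txt", "AppData/Local/Temp/Fluffy-TAR.exe"):
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed placeholder")
    return base
```

The `restore_list` pairs each locked file with the original path to look for in a backup; an empty `executables` list does not clear a machine, because the executable name can differ per system.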
English part of the text presented in Fluffy-TAR's first pop-up:
ATTENTION REQUIRED – This is not an ad or a promotional content but a critical security warning about your system. Click “English” above for more details.
Depending on the selection made by the victim, the Fluffy-TAR Ransomware would load the appropriate version of the ransom request. The first slide within the ‘ATTENTION REQUIRED’ window offers the following message:
Oh no! Fluffy-TAR has encrypted some of your files! It means that they are not lost, but cannot be used until decrypted. They are “locked”, you could say. If you see a file which name ends with “lock75”, it means this file is encrypted. The process is easily reversible but requires a key.
What do I do?
To get your files back, you must buy the decryption key. This payment must be done in Bitcoins, a cryptographic currency. Bitcoin is becoming more and more accessible and nowadays, it is really easy to use Bitcoins.
See the online interface (button below) for a more detailed introduction to bitcoins. To get your files back, please send exactly (or more if you want) 0.039 Bitcoins to this address, BEFORE the countdown below ends:
Uppercase/lowercase matter! Make sure you send to the right address! (you can scan the QR code to copy it)
After sending the payment, wait an hour then click the “retrieve key automatically” button below. The software will then receive the key and decrypt ALL encrypted files. Without the key, it is impossible to decrypt your files.
Without the proper payment, it is impossible to get the key. When the countdown reaches zero, you will lose all encrypted documents.
Please note: if you have an antivirus, disable it now if you don’t want to lose your data.
However, this might be just the usual lie. In fact, you should run your security tools and remove the Fluffy-TAR virus right away. Some less elaborate threats need an uninterrupted period of time to finish encrypting data. Likewise, if you notice any warning signs, such as extremely slow system processes or odd User Account Control messages, restart the device.
As far as the encrypted files and data are concerned, you need to restore them from a backup on an external device, or, if you have good total security software similar to Max Total Security, from the secure daily backups it takes on your PC, which malware cannot infect.