FUCKUNICORN ransomware threatens pharmacies and medical businesses primarily in Itlay. It tries to convince the user to download an executable file and run it on their computer, with the promise of offering the beta version of the IMMUNI app and have first-hand data of
COVID-19 updated in real time regarding the situations of contagion in your region.
To increase the authenticity of the message the attacker also cloned the FOFI (Federazione Ordini farmacisti Italiani) website and registered a domain name similar to the original. However, they used "fofl.it" with a lowercase "L" as the last character that is easily confused with the lowercase 'i' used in the legitimate domain name.
FUCKUNICORN Ransomware Signatures
Family: Ransom:MSIL/Ryzerlo.A
MD5: b226803ac5a68cd86ecb7c0c6c4e9d00
SHA256: 7980ef30b9bed26a9823d3dd5746cdefe5d01de2b2eb2c5e17dbfd1fd52f62bf
FUCKUNICORN Ransomware Download