FSociety, or Flocker ransomware, emerged as a Ransomware-as-a-Service in 2024, enabling cybercriminals to execute attacks with minimal technical skills. Utilizing double extortion tactics, it encrypts data and threatens to leak sensitive information, targeting a variety of sectors primarily in the U.S. The group collaborates with FunkSec to enhance their operations. Affected: Business Services, Retail, Government, Financial, Technology, Education
Keypoints :
- FSociety, identified as Flocker ransomware, operates as a Ransomware-as-a-Service (RaaS) since 2024.
- Utilizes double extortion tactics, encrypting files and threatening to leak sensitive data.
- The group maintains communication channels via Telegram and an Onion site.
- Originally inspired by a 2016 ransomware strain linked to the TV show Mr. Robot.
- Targets are primarily organizations in the U.S., spanning multiple industries.
- Collaborates with the FunkSec group for enhanced attack capabilities.
- The group’s data leak site has disclosed 41 victims as of 2025.
- Promotes an affiliate program for less skilled cybercriminals to carry out attacks.
- Recommendations for mitigation include robust security, patch management, and employee training.
MITRE Techniques :
- TA0040: Impact – Data Encrypted for Impact (T1486) – FSociety targets and encrypts victims’ data to demand ransom.
- TA0011: Command and Control – Standard Application Layer Protocol (T1071) – Utilizes communication through Telegram and Onion sites.
- TA0041: Exfiltration – Exfiltration Over Command and Control Channel (T1041) – Threatens to expose sensitive data to increase the pressure on victims.
Indicator of Compromise :
- [URL] http://fsociety[. ]com
- [Domain] funksec[. ]com
- [Domain] fsociety[. ]onion
- [Email] attack@fsociety[. ]org
- [Hash] c5d2ef1e3e2d68d2ce2ed8acbd5fac9d
Full Story: https://socradar.io/dark-web-profile-fsociety-flocker-ransomware/