What is Foxxy Ransomware

Discovered by a researcher named S!Ri, Foxxy is a malicious program that belongs to the malware category known as ransomware. Its main goal is to encrypt personal data and demand money for its recovery. The moment Foxxy starts enciphering data, all files will get a new .foxxy extension and reset their shortcut icons. This is how an encrypted file like 1.pdf will finally look like – 1.pdf.foxxy. Then, as soon as the encryption process is done, the virus displays a full-screen window and creates a text note called ___RECOVER__FILES__.foxxy.txt. Both of them feature ransom instructions to recover the data. You can check the full content of both ransom notes down below:

___RECOVER__FILES__.foxxy.txtPop-up window text

All of your files have been encrypted.
To unlock them, please send 0.9 bitcoin(s) to BTC address: bc1q4v9ngtqpdq6jfvmz7f72xd7cg97cd082vnmv63
Afterwards, please email your transaction ID to: foxxy.tiiny.site
THIS IS IT!!

Your files (count: -) have been encrypted!
In order to recover your data...
Please send 0.9 Bitcoin(s) to the following BTC address:
bc1q4v9ngtqpdq6jfvmz7f72xd7cg97cd082vnmv63
Next, E-mail your transaction ID to the following address:
foxxy.tiiny.site

Victims can see the number of files that have been encrypted. To get them back safe and undamaged, it is demanded to send 0.9 BTC to the attached Bitcoin address. After completing this step, victims should contact developers and send their transaction ID to foxxy.tiiny.site. Cybercriminals say the message has to be sent via e-mail, but there is no such provided within. Foxxy.tiiny.site is invalid meaning developers could make a mistake or have not finished the work on their virus yet. Many extortionists send demo versions of malware to gather some data and test how it works. In this case, sending the ransom is very risky and probably useless because Foxxy Ransomware is still under development. Unfortunately, it is less likely you will be able to decrypt files appended by the “.foxxy” extension with third-party tools. For this reason, it is recommended to use backup copies from other devices. If you had them created and stored prior to the infection, recovering data will not be a problem. Before trying any recovery option, it is important to delete Foxxy Ransomware from your computer. Otherwise, it will continue encrypting data and causing other security issues. To do this, follow our tutorial below.

foxxy ransomware

How Foxxy Ransomware infected your computer

Ransomware developers target a bunch of different distribution techniques to inject malware into compromised systems. This list includes e-mail spam letters, trojans, fake software updaters or installers, backdoors, botnets, keyloggers, web-injects, malicious ads, and other dangerous channels. The leader of all usually happens to be e-mail spam, which is abused by cybercriminals to send malicious attachments. MS Office files like Word or Excel, PDF, Executable, and JavaScript files are very often located in malicious letters. Of course, this does not mean all files of these formats are set up maliciously. The level of danger can be determined by how you received such messages. If they were sent from legitimate-looking sources like DHL, DPD, FedEx, or Financial organizations asking to open the files, then more likely it is a trap. Usually, such companies will never send you messages with requests to open or download something from nowhere without a reason. After such files get opened, the virus will be liberated to infect your system. This is why you should avoid the content of such as much as possible. Various infections may also install via fake updates or software that imitate a legitimate installation process. The same way can be used by trojans to cause chain infections around your PC. To make sure no distribution techniques will brute force your system, it is worth installing advanced anti-malware software. We have shed some light on this topic down below.

  1. Download Foxxy Ransomware Removal Tool
  2. Get decryption tool for .foxxy files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like Foxxy Ransomware

Download Removal Tool

Download Removal Tool

To remove Foxxy Ransomware completely, we recommend you to use Combo Cleaner from RCS LT. It detects and removes all files, folders, and registry keys of Foxxy Ransomware and prevents future infections by similar viruses.

Alternative Removal Tool

Download SpyHunter 5

To remove Foxxy Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of Foxxy Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.

Foxxy Ransomware files:


___RECOVER__FILES__.foxxy.txt
{randomname}.exe

Foxxy Ransomware registry keys:

no information

How to decrypt and restore .foxxy files

Use automated decryptors

Download Kaspersky RakhniDecryptor

kaspersky dharma ransomware decryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .foxxy files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

Dr.Web Rescue Pack

Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .foxxy files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you are infected with Foxxy Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Data Recovery Professional to restore .foxxy files

stellar data recovery professional

  1. Download Stellar Data Recovery Professional.
  2. Click Recover Data button.
  3. Select type of files you want to restore and click Next button.
  4. Choose location where you would like to restore files from and click Scan button.
  5. Preview found files, choose ones you will restore and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on infected file and choose Properties.
  2. Select Previous Versions tab.
  3. Choose particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

  1. Download Shadow Explorer program.
  2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

  1. Login to the DropBox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like Foxxy Ransomware, in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

idrive backup

As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Foxxy Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox

mailwasher pro

Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro
Previous articleHow to remove STRRAT malware
Next articleHow to remove CryptoJoker Ransomware and decrypt .encrypter@tuta.io.encrypted, .crjoker and .cryptolocker files