ZeroFucks can be distributed by infected email attachments (macros), torrent websites, malicious ads. It can also be spread by trojans, fake software cracking/update tools, and unofficial software download sources
ZeroFucks infiltrates computers and encrypts most of stored files and appends filenames with ".zerofcks" extension (e.g., "sample.jpg" would be renamed to "sample.jpg.zerofcks" and so on so forth).
Once encryption is over, ZeroF*cks generates a text file named "Bitcoin_Address.txt" and drops it on victim's desktop. Additionally, ZeroFucks opens a pop-up window.
The opened pop-up window contains a ransom-demanding message, which is a common practice for ransomware infections. Such viruses encrypt data (thereby making it unusable) so that developers could blackmail victims by offering a paid recovery. The message basically states that victims have to pay a ransom of €400 in Bitcoin cryptocurrency.
It is also noted that victims have to pay within 48 hours, otherwise the price will be doubled (it will rise to €800). After additional 24 hours the price will be doubled again and reach €1600.
If the ransom is not paid within 96 hours after the encryption, the data will supposedly be permanently destroyed.
Text presented in ZeroFucks ransomware's pop-up window:
All your files are locked!
All your important files have been encrypted. If you want your files back, you need to pay 400 euros in Bitcoins. After the payment is received, we will give you access to unlock your files. Click on the Payment button to get more info. If you don't pay within 48 hours, the price will be doubled. After another 24 hours, the price will be doubled again. If you don't pay within 96 hours your files will be destroyed.