Threat Database Ransomware ACCDFISA Protection Program Ransomware

ACCDFISA Protection Program Ransomware

By LoneStar in Ransomware

ACCDFISA Protection Program Ransomware Image

ACCDFISA Protection Program is a ransomware computer threat that is supposedly able to encrypt your files using AES encryption and then locks your Windows desktop. When on a compromised PC, ACCDFISA Protection Program Ransomware will declare that it represents the Anti Cyber Crime Department of Federal Internet Security Agency and that a computer virus has been detected that is sending out SPAM emails that contain links to websites hosting child pornography. ACCDFISA Protection Program Ransomware then declares that your data and PC will be blocked unless you use the Moneypak or Paysafecard services to transmit $100 via SMS to a certain phone number within 48 hours. ACCDFISA Protection Program Ransomware further alerts victims that if they won't pay the ransom, it will delete your operating system and files. Everything what ACCDFISA Protection Program Ransomware would tell you is a total scam that is being used to frighten and persuading you into paying $100 in order to unlock your computer and restore your data. ESG's malware analysts highly recommend you not to pay this ransom and instead use a genuine malware removal application to remove ACCDFISA Protection Program Ransomware. When installed, ACCDFISA Protection Program Ransomware will configure itself to start automatically each time you start your PC, and also create two Windows services. ACCDFISA Protection Program Ransomware will then scan your PC's hard drives for data files such as .txt, .doc, .xml, .dat, .docx, .pst, .xls and use the RAR program to create a password protected archive, which contains the original files. The original files will then be replaced by this RAR file using the AES extension. ACCDFISA Protection Program Ransomware will also create a shortcut on your Windows Desktop labeled how to decrypt .aes files. If double-clicked on this shortcut, the file will be executed and display a screen that claims a polymorphic virus has encrypted your data files and that you need to pay $100 in order to get the codes that can be used to decrypt the data.

If you would pay the ransom or use some of the codes posted on the web, ACCDFISA Protection Program Ransomware will simply delete all of your data. Therefore, you should not try to decrypt the files using the decrypt program as you will just lose your data. These files are not encrypted and are just password protected RAR files. ACCDFISA Protection Program Ransomware will also start a program when you first login to Windows. ACCDFISA Protection Program Ransomware is shown before your Windows desktop and will not permit you to access your Desktop unless you enter a Control Code. In order to receive this control code, you need to send $100. ACCDFISA Protection Program Ransomware will also delete with Windows Safeboot Registry key, so you will be unable to access Windows Safe mode in order help remove it. ACCDFISA Protection Program Ransomware is not installed by other malware infections, malicious websites, or from downloading insecure programs. The affected PCs were actually hacked and ACCDFISA Protection Program Ransomware was installed there manually. ACCDFISA Protection Program Ransomware targets Windows servers and not Windows workstations.

File System Details

ACCDFISA Protection Program Ransomware may create the following file(s):
# File Name Detections
1. %System%ucsvcsh.exe
2. C:ProgramDatalocalundxkpwvlk.dll
3. C:ProgramDatalocalcrdfoftrs.dll
4. C:decryptdecrypt.exe
5. C:WindowsSysWOW64 cpsvcss.exe
6. %System%csrsstub.exe
7. %System% cpsvcss.exe
8. C:ProgramDatalocalaescrypter.exe
9. C:WindowsSysWOW64ucsvcsh.exe
10. C:WindowsSysWOW64dcomcnfgui.exe
11. %System%dcomcnfgui.exe
12. %System% racerpts.exe
13. C:ProgramDatalocalvpkswnhisp.dll
14. C:ProgramDatalocalsvchost.exe
15. C:WindowsSysWOW64csrsstub.exe
16. C:WindowsSysWOW64 racerpts.exe
17. C:WindowsSysWOW64wcmtstcsys.sss
18. c:how to decrypt aes files.lnk
19. %System%wcmtstcsys.sss
20. C:UsersPublicDesktophow to decrypt aes files.lnk

Registry Details

ACCDFISA Protection Program Ransomware may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesetprofms
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWdiServiceSysHost
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "svchost"

Trending

Most Viewed

Loading...