AAC Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 1
First Seen: August 25, 2017
Last Seen: February 11, 2019
OS(es) Affected: Windows
The AAC Ransomware is an encryption ransomware Trojan. There is a connection between the AAC Ransomware and the Xrat Ransomware Trojan, and it's possible that one is based on the other. The AAC Ransomware is used to encrypt victims' files to extract a ransom payment. The AAC Ransomware will identify the files encrypted in its attack by adding the file extension '.aac' to the end of each file affected during the attack. Once the AAC Ransomware encrypts a file, it will no longer be accessible. Essentially, the AAC Ransomware takes the victim's files hostage in exchange for ransom. The AAC Ransomware is being delivered to victims through the use of spam email messages. Malware researchers observed the AAC Ransomware in the last week of August 2017.
How the AAC Ransomware Attack Works
The spam email messages used to deliver the AAC Ransomware take advantage of malicious macro scripts in Microsoft Word documents. Because of this, computer users should learn to spot these tactics and disable the macros in their word processor, only using them if absolutely necessary. When the victim receives a spam email message from the people responsible for the AAC Ransomware, it may have a Microsoft Word file attachment which, when opened, will prompt a User Account Control message. The AAC Ransomware will be installed on the computer if the computer user ignores this message. Once the AAC Ransomware is installed, it will scan the victim's computer for files to encrypt, searching for popular file types associated with commonly used software. This may include audio, video, music, photos, databases, texts, and numerous other file types. The AAC Ransomware communicates with its Command and Control server to receive information and relay data about the infected computer. The AAC Ransomware will encrypt the victim's files using a strong encryption algorithm, and add the file extension '.aac' to the end of each affected file's name.
The AAC Ransomware’s Encryption and Ransom Note
The AAC Ransomware uses AES encryption to make the victim's files inaccessible. Unfortunately, this means that once the AAC Ransomware encrypts the files, they cannot be recovered without the decryption key. The computer user may spend more than a thousand US dollars to pay the AAC Ransomware ransom. Malware analysts strongly advise computer users against doing this. The AAC Ransomware will deliver a ransom note after encrypting the victim's files. The AAC Ransomware's ransom note takes the form of a text file dropped on the infected computer's desktop. This file is named 'Lean how to recover your files.txt' and contains the following message, opened in the victim's word processor:
'It looks like your files have been encrypted.
If you are interested in your recovery, please contact us by email: contatoaac@vpn.tg
Send your code to: [RANDOM CHARACTERS]
Your request will be answered as soon as possible, and if necessary to guarantee recovery.'
Malware analysts advise computer users to refrain from contacting the people responsible for the AAC Ransomware at the above email address. The con artists responsible for these attacks will rarely keep their word to provide the decryption key necessary to recover the affected files. Furthermore, paying the AAC Ransomware ransom allows these people to continue creating and developing threats like the AAC Ransomware.
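A triage sweep for the two on-disk indicators described above (the appended '.aac' extension and the ransom note file name), as an added example that is not part of the original article or any EnigmaSoft tool. Because '.aac' is also a legitimate audio extension, the sweep skips files that begin like real AAC audio; that header check, the confidence labels and the sample files are assumptions made for illustration.

```python
import os
import tempfile

RANSOM_NOTE = "lean how to recover your files.txt"  # note name from this page, lower-cased
APPENDED_EXT = ".aac"                                # extension the page says is appended

def looks_like_aac_audio(path):
    """True if the file begins like real AAC audio (ID3 tag, ADIF, or ADTS sync word)."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head[:3] == b"ID3" or head == b"ADIF":
        return True
    # ADTS: 12 sync bits set, then the 2-bit layer field is always 00.
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xF6) == 0xF0

def scan(root):
    """Return (ransom_notes, suspects); suspects are (path, confidence) pairs."""
    notes, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(APPENDED_EXT):
                try:
                    if looks_like_aac_audio(path):
                        continue  # genuine audio, not an appended extension
                except OSError:
                    continue      # unreadable file: skip rather than abort the sweep
                inner = os.path.splitext(name[: -len(APPENDED_EXT)])[1]
                suspects.append((path, "high" if inner else "low"))
    return notes, suspects

def demo():
    """Build a constructed sample tree and return the base names that were flagged."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx.aac": b"\x8a\x13\x5c\x07" * 8,      # constructed non-audio bytes
            "song.aac": b"\xff\xf1\x50\x80" + b"\x00" * 28,  # constructed ADTS frame header
            "notes.aac": b"plain text, no audio header",     # ambiguous: no inner extension
            "Lean how to recover your files.txt": b"(constructed placeholder)",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        notes, suspects = scan(root)
        return ([os.path.basename(p) for p in notes],
                [(os.path.basename(p), c) for p, c in suspects])

if __name__ == "__main__":
    print(demo())
```

A "high" result means the name still carries an inner extension such as '.docx' in front of '.aac'; a "low" result only says the content does not start like AAC audio and needs a manual look.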
Protecting Your Data from Threats Like the AAC Ransomware
If the AAC Ransomware has compromised your files, you can restore them from a file backup (after removing the AAC Ransomware infection itself with the help of a reliable security program). Having file backups is the best protection against these threats, because the ability to recover the affected files from a backup nullifies the attack completely and removes the con artists' leverage.