AAC Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: August 25, 2017
Last Seen: February 11, 2019
OS(es) Affected: Windows

The AAC Ransomware is an encryption ransomware Trojan. There is a connection between the AAC Ransomware and the Xrat Ransomware Trojan, and it's possible that one is based on the other. The AAC Ransomware encrypts victims' files in order to extract a ransom payment, and marks each file it encrypts by adding the file extension '.aac' to the end of the file's name. Once the AAC Ransomware encrypts a file, the file is no longer accessible. Essentially, the AAC Ransomware takes the victim's files hostage in exchange for a ransom. The AAC Ransomware is delivered to victims through spam email messages. Malware researchers observed the AAC Ransomware in the last week of August 2017.

How the AAC Ransomware Attack Works

The spam email messages used to deliver the AAC Ransomware take advantage of malicious macro scripts in Microsoft Word. Because of this, computer users should learn to spot these tactics and disable macros in their word processor, enabling them only if absolutely necessary. A spam email message from the people responsible for the AAC Ransomware may carry a Microsoft Word file attachment which, when opened, will prompt a User Account Control message. The AAC Ransomware will be installed on the computer if the computer user ignores this message. Once the AAC Ransomware is installed, it scans the victim's computer for files to encrypt, searching for popular file types associated with commonly used software. This may include audio, video, music, photos, databases, texts, and numerous other file types. The AAC Ransomware communicates with its Command and Control server to receive information and relay data about the infected computer. The AAC Ransomware encrypts the victim's files using a strong encryption algorithm and adds the file extension '.aac' to the end of each affected file's name.

The AAC Ransomware’s Encryption and Ransom Note

The AAC Ransomware uses AES encryption to make the victim's files inaccessible. Unfortunately, this means that once the AAC Ransomware encrypts the files, they cannot be recovered without the decryption key. The computer user may spend more than a thousand US dollars to pay the AAC Ransomware ransom. Malware analysts strongly advise computer users against doing this. The AAC Ransomware delivers a ransom note after encrypting the victim's files. The ransom note takes the form of a text file dropped on the infected computer's desktop. This file is named 'Lean how to recover your files.txt' and contains the following message, opened in the victim's word processor:

'It looks like your files have been encrypted.
If you are interested in your recovery, please contact us by email: contatoaac@vpn.tg
Send your code to: [RANDOM CHARACTERS]
Your request will be answered as soon as possible, and if necessary to guarantee recovery.'

Malware analysts advise computer users to refrain from contacting the people responsible for the AAC Ransomware at the above email address. The con artists responsible for these attacks will rarely keep their word to provide the decryption key necessary to recover the affected files. Furthermore, paying the AAC Ransomware ransom allows these people to continue creating and developing threats like the AAC Ransomware.
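
A triage sketch for the two on-disk indicators described above (the appended '.aac' extension and the ransom note file name), added here as an example and not taken from the original analysis. The list of inner extensions and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "Lean how to recover your files.txt"  # ransom note name as given on this page
APPENDED_EXT = ".aac"                              # extension the page says is appended
# Assumption: a sample of common document/media extensions; extend for your environment.
INNER_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
              ".mp3", ".mp4", ".txt", ".sql", ".mdb", ".zip"}

def scan(root):
    """Walk root and return (suspect_files, note_paths).

    A file is suspect when '.aac' follows another known extension
    (report.docx.aac). A plain song.aac is left alone, because .aac is
    also a legitimate audio extension.
    """
    suspects, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
                continue
            suffixes = [s.lower() for s in path.suffixes]
            if (len(suffixes) >= 2 and suffixes[-1] == APPENDED_EXT
                    and suffixes[-2] in INNER_EXTS):
                suspects.append(path)
    return sorted(suspects), sorted(notes)

def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Music").mkdir()
    for rel in ["Desktop/" + NOTE_NAME, "Desktop/report.docx.aac",
                "Desktop/photo.JPG.AAC", "Music/song.aac", "Desktop/notes.txt"]:
        (root / rel).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        suspects, notes = scan(tmp)
        for p in suspects:
            print("appended .aac:", p)
        for p in notes:
            print("ransom note:  ", p)
```

A hit on the note name together with several double-extension files is a much stronger signal than either indicator alone; a lone '.aac' file is most likely ordinary audio.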

Protecting Your Data from Threats Like the AAC Ransomware

If the AAC Ransomware has compromised your files, you can restore them from a file backup (after removing the AAC Ransomware infection itself with the help of a reliable security program). Having file backups is the best protection against these threats, because the ability to recover the affected files from a backup nullifies the attack completely and removes the con artists' leverage.
