ACCDFISA v2.0 Ransomware
Threat Scorecard
Ranking: 4,807
Threat Level: 80% (High)
Infected Computers: 5,162
First Seen: October 27, 2017
Last Seen: September 20, 2023
OS(es) Affected: Windows
The ACCDFISA v2.0 Ransomware is an encryption ransomware Trojan that is in its second release. The first version of the ACCDFISA v2.0 Ransomware was active in February of 2012, so it seems to be quite an old ransomware family. The original version carried out a typical scareware tactic that was popular at that time. The ACCDFISA v2.0 Ransomware uses an updated attack method that involves encryption algorithms, which are favored by most modern encryption ransomware Trojans. Like other encryption ransomware Trojans, the ACCDFISA v2.0 Ransomware is designed to encrypt the victim's files and then demand a ransom in exchange for the decryption key needed to recover the affected files. The ACCDFISA v2.0 Ransomware is delivered through spam email messages, which may use social engineering tactics to induce computer users into opening a malicious attachment. The attachment contains macro scripts that download and install the ACCDFISA v2.0 Ransomware onto the victim's computer.
The ACCDFISA v2.0 Ransomware Hides Its Activities
The ACCDFISA v2.0 Ransomware is installed in the AppData folder and carries out a typical encryption ransomware Trojan attack, encrypting user-generated files while avoiding Windows system files (these threats need Windows to remain functional so that they can deliver a ransom note to the victim and have the victim pay the ransom). The following are examples of the file types that are encrypted in attacks like the ACCDFISA v2.0 Ransomware:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The ACCDFISA v2.0 Ransomware injects itself into legitimate processes to hide its activities. However, the ACCDFISA v2.0 Ransomware will also create an executable file named 'Decrypt.exe' in a directory named 'Decrypt' on the main system drive. After the victim's files have been encrypted, this executable file runs and delivers a ransom note.
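The file-system traces described above (an install under AppData and a 'Decrypt.exe' inside a 'Decrypt' directory on the system drive) can be turned into a triage rule over endpoint logs. The following is an added example, not part of the original write-up: the event records are constructed and use simplified Sysmon-style fields, and the function names and severity labels are assumptions.

```python
import re

# Indicators from the write-up: an executable named Decrypt.exe in a directory
# named Decrypt at the root of the system drive, and an install under AppData.
# Any drive letter is accepted because the system drive is not always C:.
NOTE_EXE = re.compile(r"^[A-Z]:\\Decrypt\\Decrypt\.exe$", re.IGNORECASE)
APPDATA_EXE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\.+\.exe$", re.IGNORECASE)
FILE_CREATE, PROCESS_CREATE = 11, 1  # Sysmon event IDs

def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    eid = event.get("event_id")
    if eid == FILE_CREATE:
        target = event.get("TargetFilename", "")
        if NOTE_EXE.match(target):
            return "note_exe_created"
        if APPDATA_EXE.match(target):
            return "appdata_exe_created"
    elif eid == PROCESS_CREATE and NOTE_EXE.match(event.get("Image", "")):
        return "note_exe_started"
    return None

def triage(events):
    """Group findings per host and map them to a severity."""
    findings = {}
    for ev in events:
        label = classify(ev)
        if label:
            findings.setdefault(ev["host"], set()).add(label)
    report = {}
    for host, labels in findings.items():
        if "note_exe_started" in labels:
            severity = "critical"  # per the write-up, it runs after encryption
        elif "note_exe_created" in labels:
            severity = "high"
        else:
            severity = "low"       # AppData executables alone are common
        report[host] = (severity, sorted(labels))
    return report

# Constructed sample events (simplified Sysmon-style fields, not real telemetry).
SAMPLE_EVENTS = [
    {"event_id": 11, "host": "ws-01", "TargetFilename": r"C:\Users\alice\AppData\Roaming\svc\upd.exe"},
    {"event_id": 11, "host": "ws-01", "TargetFilename": r"C:\Decrypt\Decrypt.exe"},
    {"event_id": 1, "host": "ws-01", "Image": r"c:\decrypt\decrypt.exe"},
    {"event_id": 11, "host": "ws-02", "TargetFilename": r"C:\Users\bob\AppData\Local\app\update.exe"},
    {"event_id": 11, "host": "ws-03", "TargetFilename": r"C:\Tools\Decrypt\Decrypt.exe"},
    {"event_id": 11, "host": "ws-04", "TargetFilename": r"D:\Decrypt\Decrypt.exe"},
]
```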
The ACCDFISA v2.0 Ransomware's Ransom Note
The ACCDFISA v2.0 Ransomware's ransom note is delivered in a program window that is named 'Malware protection' and launched by the executable file mentioned above. This program window contains the following message:
'Warning! Access to your computer is limited and all your important files has been decrypted with AES-256-KEY.
A mailing (spam) was detected on your computer that was sending a very dangerous polymorphic virus, which contradicts the law and harms other network users. Your computer has been also infected by this very dangerous polymorphic virus, which modifies itself every 24 hours and in this case virus detection by antiviruses is very difficult.
You need to buy and send an sms with MoneyPak or Paysafecard or Ukash code ($300 or 300 euros) and your Reference Number to our special service phone number or email.
After that, our experts within 1-3 hours will perform an audit to clean up your computer from this very dangerous polymorphic and send you sms on the cell phone or email (from which you sent the code and reference number) password (which unlocks your computer and decrypts your files) and this must be entered below.'
However, there is no truth to this message, which claims that it is there to protect you from threats. Fortunately, a decryption program for the ACCDFISA v2.0 Ransomware has been released and is available at the following link:
Karwos[.]net/accdfisa20/
It is likely that the con artists will eventually update the ACCDFISA v2.0 Ransomware so that the currently available decryption program no longer works.