FailedAccess Ransomware

By GoldSparrow in Ransomware

The FailedAccess Ransomware is a ransomware Trojan that uses encryption to force computer users to pay large ransoms. This is a typical example of a tactic that has become very common in the last few years. The FailedAccess Ransomware was first observed in late April 2017. Malware researchers suspect that the FailedAccess Ransomware is a work in progress, since several of its elements appear to belong to a test version submitted to online anti-virus scanners (an approach often taken to test whether newly developed threats can bypass security detection).

The FailedAccess Ransomware Trojan’s Test Version

While a finished ransomware Trojan will encrypt the contents of the victim's hard drives, the version of the FailedAccess Ransomware that has been uncovered by PC security researchers limits its attack to a single directory:

'C:\Users\houcemjouini\Desktop\projet sans fils\test'

This clearly indicates that the current version of the FailedAccess Ransomware is not yet designed to be used in attacks on the public and is merely a test version. However, by studying this test version of the FailedAccess Ransomware, malware analysts have been able to determine in detail what a finished version of the FailedAccess Ransomware will look like once this threat is released to the public (probably with a different name).

Understanding the FailedAccess Ransomware Attack

The FailedAccess Ransomware seems to use an executable file named 'CryptoSomware.exe' in its attack. Because of this, malware researchers may also refer to it as 'CryptoSomware Ransomware.' The FailedAccess Ransomware receives its current name because it marks the files encrypted in the attack with the file extension '.FailedAccess,' which is appended to the end of each affected file's name. The FailedAccess Ransomware was developed using Microsoft Visual Studio by a programmer who goes by the name of 'houcemjouini,' or the initials 'J.H.' Malware analysts do not believe that the FailedAccess Ransomware is part of a larger family of threats; it seems to be a standalone project that is part of a wave of ransomware Trojans currently being unleashed. The FailedAccess Ransomware will target the following file types in its attack (as well as others), encrypting their contents and making them inaccessible:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

How the FailedAccess Ransomware Tries to Extort Its Victims

After encrypting the files, the FailedAccess Ransomware is designed to display a program window with the name 'You are Hacked by J.H.' This window contains the FailedAccess Ransomware ransom note, which tells the victim about the attack and demands payment of a ransom to restore access to the files. It is clear that the FailedAccess Ransomware is still in a testing phase, since its ransom note does not currently provide contact information or a way for the victim to pay the ransom. Below is the message displayed in the FailedAccess Ransomware's current test ransom note:

'You are Hacked by J.H
Your all files are encrypted
if you to decrypt send some money on given adress and take you key.
good by
Enter decryption key here:
[TEXT BOX]'

Although it is clear that the current version of the FailedAccess Ransomware is still in a testing phase, a finished version of the FailedAccess Ransomware can pose a real threat to computer users' data. Because of this, take preventive measures, such as installing a reliable security application and keeping file backups on an external memory device.

File System Details

FailedAccess Ransomware may create the following file(s):

# | File Name | MD5 | Detections
1 | file.exe | e3fb080384b0cb7468bcedab9d4fdd6f | 0
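
The indicators reported above (the '.FailedAccess' suffix, the 'CryptoSomware.exe' file name and the listed MD5) can drive a simple triage sweep of a directory tree. The following Python sketch is an added example, not part of the original article or of any vendor tool; the function names, the TARGETED subset and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Indicators taken from the article above.
SUFFIX = ".failedaccess"                      # appended to encrypted files
DROPPER_NAMES = {"cryptosomware.exe"}         # reported executable name
DROPPER_MD5 = {"e3fb080384b0cb7468bcedab9d4fdd6f"}
# Subset of the targeted extensions listed in the article (example choice).
TARGETED = {".doc", ".docx", ".pdf", ".jpg", ".xlsx", ".txt", ".zip", ".sql"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, known_md5=DROPPER_MD5):
    """Return (encrypted, droppers) found under root.

    encrypted: (path, original_name, extension_was_targeted) tuples
    droppers:  (path, reason) tuples, reason is 'name' or 'md5'
    """
    encrypted, droppers = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                original = name[: -len(SUFFIX)]   # name before renaming
                ext = os.path.splitext(original)[1].lower()
                encrypted.append((path, original, ext in TARGETED))
            elif lower in DROPPER_NAMES:
                droppers.append((path, "name"))
            elif lower.endswith(".exe") and md5_of(path) in known_md5:
                droppers.append((path, "md5"))
    return encrypted, droppers


if __name__ == "__main__":
    # Constructed sample tree (empty placeholder files, not real samples).
    with tempfile.TemporaryDirectory() as d:
        for n in ("report.docx.FailedAccess", "notes.txt", "CryptoSomware.exe"):
            open(os.path.join(d, n), "wb").close()
        print(triage(d))
```

The recovered original names show which documents need restoring from backup; a match on file name alone is weak evidence and should be confirmed against the hash.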