FailedAccess Ransomware
The FailedAccess Ransomware is a ransomware Trojan that encrypts files to force computer users to pay large ransoms, a tactic that has become very common in the last few years. The FailedAccess Ransomware was first observed in late April 2017. Malware researchers suspect that the FailedAccess Ransomware is a work in progress, since several of its elements seem to be part of a test version submitted to online anti-virus scanners (an approach often taken to test whether newly developed threats can bypass security detection).
The FailedAccess Ransomware Trojan’s Test Version
While a finished ransomware Trojan will encrypt the contents of the victim's hard drives, the version of the FailedAccess Ransomware that has been uncovered by PC security researchers limits its attack to a single directory:
'C:\Users\houcemjouini\Desktop\projet sans fils\test'
This indicates that the current version of the FailedAccess Ransomware is clearly not yet designed to be used in attacks on the public and is merely a test version. However, by studying this test version of the FailedAccess Ransomware, malware analysts have been able to determine in detail what a finished version of the FailedAccess Ransomware will look like once this threat is released to the public (probably with a different name).
Understanding the FailedAccess Ransomware Attack
The FailedAccess Ransomware seems to use an executable file named 'CryptoSomware.exe' in its attack. Because of this, malware researchers may also refer to it as 'CryptoSomware Ransomware.' The FailedAccess Ransomware receives its current name because it marks the files that have been encrypted in the attack with the file extension '.FailedAccess,' which is appended to the end of each affected file's name. The FailedAccess Ransomware was developed using Microsoft Visual Studio by a programmer who goes by the name of 'houcemjouini,' or the initials 'J.H.' Malware analysts do not believe that the FailedAccess Ransomware is part of a larger family of threats; it seems to be a standalone project that is part of a wave of ransomware Trojans currently being released. The FailedAccess Ransomware will target the following files in its attack (as well as others), encrypting their contents and making them inaccessible:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
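As an added triage example (not part of the original write-up and not any vendor's code), the Python sketch below walks a directory tree and reports files carrying the '.FailedAccess' extension described above, recovering each file's original name and type so the scope of damage can be compared against backups. The function names, the constructed sample tree and the shortened type list are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".failedaccess"  # extension the page says is appended (compared lower-case)
# Assumption: a short subset of the targeted types listed on the page.
TARGETED = set(".doc .docx .xls .xlsx .pdf .jpg .png .txt .zip .sql".split())

def triage(root):
    """Return (hits, per_dir, per_type) for files whose name ends in the marker."""
    hits, per_dir, per_type = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue  # the marker must be the final extension
            original = name[:-len(MARKER)]  # name before the marker was appended
            ext = os.path.splitext(original)[1].lower()
            hits.append({
                "path": os.path.join(dirpath, name),
                "original_name": original,
                "in_target_list": ext in TARGETED,
            })
            per_dir[os.path.relpath(dirpath, root)] += 1
            per_type[ext or "(none)"] += 1
    return hits, per_dir, per_type

def build_sample(root):
    """Constructed sample tree of empty files; only the names matter here."""
    names = [
        "docs/report.docx.FailedAccess",
        "docs/budget.XLSX.failedaccess",  # case differs, still a hit
        "docs/notes.txt",                 # untouched file
        "docs/old.FailedAccess.bak",      # marker is not the final extension
        "pics/photo.jpg.FailedAccess",
        "pics/data.bin.FailedAccess",     # hit, but type not in TARGETED
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, per_dir, per_type = triage(tmp)
        for h in hits:
            print(h["path"], "->", h["original_name"], h["in_target_list"])
        print(dict(per_dir), dict(per_type))
```

The per-directory counts show where the renaming was concentrated, and the recovered original names give the list of files to restore from backup.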
How the FailedAccess Ransomware Tries to Extort Its Victims
After encrypting the files, the FailedAccess Ransomware is designed to display a program window with the name 'You are Hacked by J.H.' This window contains the FailedAccess Ransomware ransom note, which tells the victims about the attack and demands that the victim pay a ransom to restore access to the files. It is clear that the FailedAccess Ransomware is still in a testing phase since its ransom note does not currently provide contact information or a way for the victim to pay the ransom. Below is the message displayed in the FailedAccess Ransomware's current test ransom note:
'You are Hacked by J.H
Your all files are encrypted
if you to decrypt send some money on given adress and take you key.
good by
Enter decryption key here:
[TEXT BOX]'
Although it is clear that the current version of the FailedAccess Ransomware is still in a testing phase, a finished version of the FailedAccess Ransomware could pose a real threat to computer users' data. Because of this, take preventive measures, such as installing a reliable security application and keeping file backups on an external memory device.
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | file.exe | e3fb080384b0cb7468bcedab9d4fdd6f | 0
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.