FCP Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 186
First Seen: August 1, 2017
Last Seen: February 1, 2022
OS(es) Affected: Windows
The FCP Ransomware is a ransomware Trojan that seems to target computer users located in Japan. The FCP Ransomware is a bogus file encoder. While encryption ransomware Trojans encode the victim's files using a strong encryption algorithm, many ransomware Trojans only pretend to do so: they simply rename the files and leave their data intact. Threats like the FCP Ransomware take advantage of the popularity of encryption ransomware Trojans and their presence in the news to scare computer users into paying a ransom without taking over the victims' data.
The FCP Ransomware Changes the Names of the Files Instead of Encrypting Them
The FCP Ransomware will pretend to encrypt the victim's files and then demand that the victim pay a ransom by transferring Bitcoins to the con artists' Bitcoin wallet. The FCP Ransomware in its current state does not have the capacity to encrypt the victims' files. Malware analysts first observed the FCP Ransomware being used to attack computer users on August 1, 2017. Rather than encrypting the victim's files, the FCP Ransomware simply changes their names, and the data of the affected files remains intact. The FCP Ransomware may be delivered to victims through spam email messages, which may include corrupted embedded links or file attachments designed to install the FCP Ransomware on the victim's computer.
How the FCP Ransomware Attack Works
After the FCP Ransomware is installed, it will run as an executable file named 'FCP.exe'. The FCP Ransomware's attack consists of renaming the victim's files entirely, replacing their names with random characters. The FCP Ransomware will display a ransom note demanding that the victim pay a large amount of money to recover the affected files. After renaming the victim's files, the FCP Ransomware will drop a folder on the infected computer's desktop. This folder, named 'FCP Decryptor', contains an executable file with the same name and a text file named 'READ_ME_HELP_ME.txt', which includes a ransom note. This file is written in both Japanese and English and claims that the victim's files were encrypted (as if the FCP Ransomware were an encryption ransomware Trojan with the capacity to encrypt the victims' files). The FCP Ransomware will change the infected computer's desktop wallpaper image so that it displays the following message:
'Ooops,your important files have been encrypted!
The above English sentence is followed by the subsequent text, written in Japanese:
Is the content of your files not readable? It is normal because your important files have been encrypted by the "the FCP Ransomware". It means your files are NOT DAMAGED! Your files are just encrypted. From now it is not possible to use your files until they will be decrypted. The only way to decrypt your files safely is use special decryption tool "FCP Decryptor". Please wait for "FCP Decryptor" to start automatically. if "FCP Decryptor" does not start automatically, open "FCP Decryptor" on the desktop.'
Computer users may believe that their files cannot be recovered and be willing to pay a ransom to 'recover' their files. However, it is possible to restore the affected files by simply renaming them back to their previous names, or by using the Windows Restore or the Shadow Volume Copies as an alternative.
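Because the threat renames files without altering their contents, a responder can confirm the data is intact and work out which extension to restore by reading each file's leading bytes. The following read-only triage script is an added example, not code from the original page or from any vendor tool; the signature list, the 7.5 bits-per-byte entropy threshold, and the sample file names and contents are assumptions constructed for illustration.

```python
import math
import os
import tempfile

# Leading "magic" bytes of common formats -> extension to propose on restore.
MAGIC = [(b"%PDF-", ".pdf"),
         (b"\x89PNG\r\n\x1a\n", ".png"),
         (b"\xff\xd8\xff", ".jpg"),
         (b"PK\x03\x04", ".zip")]  # ZIP, also the docx/xlsx/pptx container

def entropy(data):
    """Shannon entropy in bits per byte (8.0 looks like ciphertext)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def classify(path, sample=65536):
    """Return (verdict, suggested_extension) for one file; never writes."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    for magic, ext in MAGIC:
        if head.startswith(magic):
            return "intact", ext
    # Printable ASCII only: treat as an untouched plain-text file.
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return "intact", ".txt"
    # Heuristic threshold (assumption): no known header and near-random bytes.
    if len(head) >= 256 and entropy(head) > 7.5:
        return "possibly-encrypted", None
    return "unknown", None

def triage(folder):
    """Classify every regular file in a folder without modifying anything."""
    return {name: classify(os.path.join(folder, name))
            for name in sorted(os.listdir(folder))
            if os.path.isfile(os.path.join(folder, name))}

def demo():
    """Constructed sample: three files carrying random-looking names."""
    samples = {"k3Jx9QpL": b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n",
               "Zt81mmQa": b"quarterly notes\nline two\n",
               "p0Wc7RrV": bytes(range(256)) * 16}  # stand-in for ciphertext
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return triage(d)
```

Files reported as "intact" can be renamed with the suggested extension; a "possibly-encrypted" verdict means the rename-only assumption does not hold for that file and it should be restored from backup or shadow copies instead.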
Protecting Your Computer from Threats Like the FCP Ransomware
While the FCP Ransomware does not encrypt the victim's files, there are various ransomware Trojans that do, and recovering from them can be quite problematic. The FCP Ransomware will rename a large number of files, which leaves the tedious cleanup work of going back and renaming every affected file to restore it. Malware analysts, therefore, advise computer users to take precautionary measures against the FCP Ransomware. The best way to avoid ransomware Trojans like the FCP Ransomware is to use a security product that is fully up-to-date and to keep backups of your files. In the case of a ransomware attack, the affected files can be restored by simply copying them over from the file backup.