FTCODE Ransomware

FTCODE Ransomware Description

FTCODE Ransomware ScreenshotAnother ransomware threat has reared its ugly head recently. Its name is FTCODE Ransomware, and it does not appear to belong to any of the popular ransomware families. It is not known if free and publicly available decryption tools for the FTCODE Ransomware are available.

Propagation and Encryption

It has not been determined what the infection vectors, which are involved in the propagation of this threat are. Cybercriminals dealing with data-locking Trojans tend to use several classic propagation methods - emails containing macro-laced attachments, fraudulent application updates, and fake pirated versions of popular software. Often, ransomware threats tend to target a wide variety of files to guarantee that enough damage will be done and the user may consider paying up the ransom. Usually, files like images, documents, videos, audio files, etc. will be the primary targets of threats like the FTCODE Ransomware. The FTCODE Ransomware will run a scan to locate these files and then trigger its encryption process. After encrypting a file, the FTCODE Ransomware applies a new extension at the end of its filename - ‘.FTCODE.’ For example, if you had a photo that was called ‘paper-pale.jpeg’ originally after the encryption process is completed, the file will be renamed to ‘paper-pale.jpeg.FTCODE.’ To ensure that the user is less likely to retrieve any of the corrupted files for free, the FTCODE Ransomware also will wipe out the Shadow Volume Copies from the compromised host. Furthermore, the FTCODE Ransomware also will tamper with the System Restore module and disable it so that getting any of the data back will be nearly impossible.

The Ransom Note

Then, the FTCODE Ransomware will drop a ransom note that goes by the name ‘READ_ME_NOW.htm.’ In the note, the attackers instruct the victim on how to download and install a TOR browser because their payment processing is carried out on a TOR-based payment portal. The authors of the FTCODE Ransomware state that within the first three days of the attack, the ransom fee will be $500. However, if the victim fails to pay up within this deadline, the ransom fee will begin increasing periodically:

  • Between three and five days - $2,500.
  • Between five and ten days - $5,000.
  • Between ten and thirty days - $25,000.

Finally, the attackers claim that in case the fee is not processed within thirty days of the attack taking place the decryption key will be wiped out permanently, which means that there will be no way for the victim to retrieve any of the encrypted data.

Do not trust cyber crooks. Their threats, as well as their promises, are often just smoke and mirrors. It is far safer to remove the FTCODE Ransomware from your system using a reputable anti-virus application. Then, if you wish, you can try to retrieve some of the lost files using a third-party data-recovery tool.

Do You Suspect Your PC May Be Infected with FTCODE Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like FTCODE Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Technical Information

File System Details

FTCODE Ransomware creates the following file(s):
# File Name Size MD5
1 file.doc 3,145,729 a5af9f4b875be92a79085bb03c46fe5c
2 file.vbs 39,845,889 cdd6ee0b57678678a3dc48574ffb9f14

Registry Details

FTCODE Ransomware creates the following registry entry or registry entries:
Regexp file mask
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\WindowsApplicationService.lnk
%PUBLIC%\libraries\WindowsIndexingservice.vbs
%WINDIR%\System32\Tasks\WindowsApplicationService

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.