FTCODE Ransomware Description
Another ransomware threat has reared its ugly head recently. Its name is FTCODE Ransomware, and it does not appear to belong to any of the popular ransomware families. It is not known whether a free, publicly available decryption tool for the FTCODE Ransomware exists.
Propagation and Encryption
The infection vectors involved in the propagation of this threat have not been determined. Cybercriminals dealing with data-locking Trojans tend to use several classic propagation methods - emails containing macro-laced attachments, fraudulent application updates, and fake pirated versions of popular software.
Ransomware threats often target a wide variety of files to guarantee that enough damage is done for the user to consider paying the ransom. Usually, files like images, documents, videos, audio files, etc. will be the primary targets of threats like the FTCODE Ransomware. The FTCODE Ransomware will run a scan to locate these files and then trigger its encryption process. After encrypting a file, the FTCODE Ransomware appends a new extension to the end of its filename - ‘.FTCODE’. For example, a photo originally called ‘paper-pale.jpeg’ will be renamed to ‘paper-pale.jpeg.FTCODE’ once the encryption process is completed. To make it less likely that the user can retrieve any of the corrupted files for free, the FTCODE Ransomware will also wipe out the Shadow Volume Copies from the compromised host. Furthermore, the FTCODE Ransomware will tamper with the System Restore module and disable it, so that getting any of the data back will be nearly impossible.
The Ransom Note
Then, the FTCODE Ransomware will drop a ransom note named ‘READ_ME_NOW.htm’. In the note, the attackers instruct the victim on how to download and install a TOR browser because their payment processing is carried out on a TOR-based payment portal. The authors of the FTCODE Ransomware state that within the first three days of the attack, the ransom fee will be $500. However, if the victim fails to pay within this deadline, the ransom fee will begin increasing periodically:
- Between three and five days - $2,500.
- Between five and ten days - $5,000.
- Between ten and thirty days - $25,000.
Finally, the attackers claim that if the fee is not paid within thirty days of the attack taking place, the decryption key will be wiped out permanently, which means that there will be no way for the victim to retrieve any of the encrypted data.
Do not trust cyber crooks. Their threats, as well as their promises, are often just smoke and mirrors. It is far safer to remove the FTCODE Ransomware from your system using a reputable anti-virus application. Then, if you wish, you can try to retrieve some of the lost files using a third-party data-recovery tool.
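Before cleaning a host, it helps to record how far the damage reaches. The following is an added triage example, not part of the original article or of any vendor tool: it walks a directory tree and reports the two on-disk indicators described above, files carrying the ‘.FTCODE’ extension and ‘READ_ME_NOW.htm’ ransom notes. The function names and the sample tree are constructed for illustration, and treating file modification times as an approximate encryption window is an assumption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".ftcode"        # extension appended by FTCODE (per the article)
RANSOM_NOTE = "read_me_now.htm"     # ransom note file name (per the article)


def scan_for_ftcode(root):
    """Walk `root` and collect the on-disk indicators the article describes."""
    report = {"encrypted": [], "notes": [], "original_types": Counter(),
              "first_seen": None, "last_seen": None}
    mtimes = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()    # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[:-len(ENCRYPTED_SUFFIX)]   # name before renaming
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["encrypted"].append((path, original))
                report["original_types"][ext] += 1
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError:
                    pass            # file vanished or is unreadable; keep scanning
    if mtimes:  # assumption: mtime roughly marks when each file was encrypted
        report["first_seen"] = datetime.fromtimestamp(min(mtimes), timezone.utc)
        report["last_seen"] = datetime.fromtimestamp(max(mtimes), timezone.utc)
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one clean file, one note."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Pictures/paper-pale.jpeg.FTCODE", "report.docx.ftcode",
                "notes.txt", "Pictures/READ_ME_NOW.htm"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = scan_for_ftcode(build_sample_tree(tmp))
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print(dict(result["original_types"]), result["first_seen"], result["last_seen"])
```

Pointing `scan_for_ftcode` at a mounted copy of the affected volume, rather than the live system, keeps the scan from altering timestamps that an investigation may need.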