FailedAccess Ransomware
Posted: May 4, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 76 |
| First Seen: | May 4, 2017 |
| OS(es) Affected: | Windows |
The FailedAccess Ransomware is a Trojan based on open-source code that damages your files to force you into paying a ransom. Attempt other methods of data recovery before rewarding harmful behavior with ransom money, which is never a surefire way of procuring the necessary decryption key. PCs protected with modern anti-malware software should be able to delete the FailedAccess Ransomware automatically, keeping it from locking any of your local content.
The Trojans Kind Enough to Tell You of Their Hacking
One unfortunate reality of the threat landscape is that many of its victims see no need to take proactive security steps until after they start seeing visible signs of attacks taking place against their PCs. For some types of threats, these symptoms may never arrive. For others, such as the new FailedAccess Ransomware, the symptoms do appear, but too late to benefit the user. This developing file-encrypting Trojan, like most of its kind, shows its pop-up only after it has already damaged the contents of your hard drive.
Malware experts connect the FailedAccess Ransomware to older, similar threats also designed with the help of open-source (or freely circulated and available) threat code. Although its threat actor has yet to circulate it in live campaigns, the Trojan's payload is starting off with full file-encoding capabilities that are adequate for blocking and damaging various data formats, including JPG or PNG images and MP3 audio. The FailedAccess Ransomware also adds the '.FailedAccess' extension to the name of every file it encrypts.
Once these attacks finish, the FailedAccess Ransomware loads a 'You are Hacked' pop-up window containing its author's ransom demands for the file-unlocking key. The threat actor, self-identified by the initials J.H., communicates in English, but with numerous grammatical errors. The FailedAccess Ransomware also includes a default field for entering the decryption key once you acquire it, after which the Trojan will, in theory, decrypt all of your encoded media.
Regaining Full Access to Your Digital Property
So far, J.H. shows limited signs of any significant experience in threat development, with most of the FailedAccess Ransomware's code and features being preexisting elements of old threats. Samples of the FailedAccess Ransomware under analysis by malware experts encrypt only the contents of a single test directory on the user's desktop, but more areas are almost certain to be included in a public release version of the Trojan. Infection vectors that its author could abuse for distributing the FailedAccess Ransomware include brute-force password hacks, e-mail spam attachments, corrupted Web scripts, and free software bundles.
Due to being a close relative of previously examined Trojans, the FailedAccess Ransomware has limited protection against decryption by non-ransom-oriented methods. Victims without backups for restoring their media should immediately contact a trusted anti-malware organization or researcher for any help they might need using free decryption software. They should also note that deleting the FailedAccess Ransomware with proper anti-malware programs, while recommended for preventing further file damage and security problems, will not automatically decrypt any already-locked files.
It's always easier to stop a Trojan's payload from launching than it is to achieve perfect recovery from its ill effects. While the FailedAccess Ransomware's upcoming campaign is likely to be more 'merciful' than most Trojan attacks in that sense, there's never any reason to stop backing up your files or protecting your PC from oft-exploited vulnerabilities.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 32.25 KB (32256 bytes)
MD5: e3fb080384b0cb7468bcedab9d4fdd6f
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 8, 2017
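A triage sketch built on the indicators listed on this page (an added example, not code from the original page or its vendor): it walks a directory tree, records files carrying the '.FailedAccess' extension, and flags any file matching the listed size and MD5. The function names and the constructed demo files are assumptions, as is the premise that the extension is appended to the original file name.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators quoted on this page.
LOCKED_EXT = ".failedaccess"                      # compared case-insensitively
SAMPLE_MD5 = "e3fb080384b0cb7468bcedab9d4fdd6f"   # file.exe
SAMPLE_SIZE = 32256                               # bytes

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(root, md5=SAMPLE_MD5, size=SAMPLE_SIZE):
    """Return (locked, binaries) as paths relative to root."""
    locked, binaries = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = os.path.relpath(path, root)
            if name.lower().endswith(LOCKED_EXT):
                # Assumption: the extension is appended, so stripping it
                # gives the name to look for in backups.
                locked.append(rel[: -len(LOCKED_EXT)])
                continue
            try:
                # Size check first so only candidates get hashed.
                if path.stat().st_size == size and md5_of(path) == md5:
                    binaries.append(rel)
            except OSError:
                continue  # unreadable or vanished file: skip it
    return sorted(locked), sorted(binaries)

def build_demo_tree(root):
    """Constructed sample data: harmless files, no real malware."""
    root = Path(root)
    (root / "test").mkdir()
    (root / "test" / "photo.jpg.FailedAccess").write_bytes(b"\x00" * 64)
    (root / "test" / "song.mp3.failedaccess").write_bytes(b"\x00" * 64)
    (root / "notes.txt").write_text("untouched")
    (root / "same_size.bin").write_bytes(b"A" * SAMPLE_SIZE)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(triage(tmp))  # two locked names, no hash match
```

The list of locked files doubles as a restore list for backups; an MD5 match identifies only the one sample listed here, so an empty result does not rule out other builds.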