
FailedAccess Ransomware

Posted: May 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 76
First Seen: May 4, 2017
OS(es) Affected: Windows

The FailedAccess Ransomware is a Trojan based on open-source code that damages your files to force you into paying a ransom. You should attempt other methods of data recovery before rewarding harmful behavior with ransom money, which is never a surefire way of procuring the necessary decryption key. PCs protected with modern anti-malware software should be able to delete the FailedAccess Ransomware automatically, keeping it from locking any of your local content.

The Trojans Kind Enough to Tell You of Their Hacking

One unfortunate reality of the threat landscape is that many of its victims see no need to take proactive security steps until after they start seeing visible signs of attacks taking place against their PCs. For some types of threats, these symptoms may never arrive. For others, such as the new FailedAccess Ransomware, the symptoms do appear, but too late for the user's benefit. This developing file-encrypting Trojan, like most of its kind, shows its pop-up attacks after it has already damaged the contents of your hard drive.

Malware experts connect the FailedAccess Ransomware to older, similar threats also designed with the help of open-source (or freely circulated and available) threat code. Although its threat actor has yet to circulate it in live campaigns, the Trojan's payload is starting off with full file-encoding capabilities that are adequate for blocking and damaging various data formats, including JPG or PNG images and MP3 audio. The FailedAccess Ransomware also adds the '.FailedAccess' extension to the name of every file it encrypts.

Once these attacks finish, the FailedAccess Ransomware loads a 'You are Hacked' pop-up window containing its author's ransoming demands for the file-unlocking key. The threat actor, self-identified by the initials of J.H., uses English for communication, but with numerous grammatical errors. The FailedAccess Ransomware also includes a default field for entering the decryption key once you acquire it, after which the Trojan will, theoretically, decrypt all of your encoded media.

Regaining Full Access to Your Digital Property

So far, J.H. shows limited signs of any significant experience in threat development, with most of the FailedAccess Ransomware's code and features being preexisting elements of old threats. Samples of the FailedAccess Ransomware under analysis by malware experts encrypt only the contents of a single, test directory on the user's desktop, but more areas are almost certain to be included in a public release version of the Trojan. Exploits that its author could abuse for distributing the FailedAccess Ransomware include brute-force password hacks, e-mail spam attachments, corrupted Web scripts, and free software bundles.

Due to being a close relative of Trojans examined previously, the FailedAccess Ransomware has limited protection against decryption by non-ransom-oriented methods. Victims not keeping backups for restoring their media should immediately contact a trusted anti-malware organization or researcher for any help they might need using free decryption software. They also should note that deleting the FailedAccess Ransomware with proper anti-malware programs, while recommended for preventing further file damage and security problems, will not automatically decrypt any already-locked files.

It's always easier to stop a Trojan's payload from launching than it is to achieve perfect recovery from its ill effects. While the FailedAccess Ransomware's upcoming campaign is likely to be more 'merciful' than most Trojan attacks, in that sense, there's never any reason to stop backing up your files or protecting your PC from oft-exploited vulnerabilities.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 32.25 KB (32256 bytes)
MD5: e3fb080384b0cb7468bcedab9d4fdd6f
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 8, 2017
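
A triage sweep built from the indicators on this page (the '.FailedAccess' extension and the MD5 and size listed for file.exe), given here as an added example that is not part of the original entry. It assumes the extension is appended after the original one (for instance photo.jpg.FailedAccess); the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators taken from this page.
LOCKED_SUFFIX = ".failedaccess"                  # compared case-insensitively
SAMPLE_MD5 = "e3fb080384b0cb7468bcedab9d4fdd6f"  # file.exe
SAMPLE_SIZE = 32256                              # bytes; cheap pre-filter before hashing


def md5_of(path):
    """Hash a file in 64 KiB chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=SAMPLE_MD5, known_size=SAMPLE_SIZE):
    """Return (locked_paths, original_ext_counts, dropper_paths) for a directory tree."""
    locked, exts, droppers = [], {}, []
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file():
                continue
            if path.suffix.lower() == LOCKED_SUFFIX:
                locked.append(path)
                # Assumption: the marker is appended, so the stem keeps the original type.
                original = Path(path.stem).suffix.lower() or "(none)"
                exts[original] = exts.get(original, 0) + 1
            elif path.stat().st_size == known_size and md5_of(path) == known_md5:
                droppers.append(path)
        except OSError:
            continue  # unreadable or vanished file: skip it, keep sweeping
    return sorted(locked), exts, droppers


def demo():
    """Constructed tree; the stand-in 'file.exe' is hashed at run time, it is not the real sample."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("photo.jpg.FailedAccess", "song.mp3.FailedAccess", "notes.txt"):
            Path(root, name).write_bytes(b"constructed test data")
        stand_in = Path(root, "file.exe")
        stand_in.write_bytes(b"\x00" * 64)
        locked, exts, droppers = triage(root, md5_of(stand_in), 64)
        return len(locked), exts, [p.name for p in droppers]
```

Calling triage() on a user profile or mounted disk image with the default arguments checks against the hash and size listed above; the per-extension counts show which file types need restoring from backup.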