
FCP Ransomware

Posted: August 1, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 436
First Seen: August 1, 2017
Last Seen: February 1, 2022
OS(es) Affected: Windows

The FCP Ransomware is a Trojan that creates pop-ups stating that it's encrypting your files and asking you to buy an 'advanced edition' decryptor to unlock them. While malware experts can confirm that no data-encrypting or deleting features are in the FCP Ransomware's current build, the Trojan appears to be incomplete and may experience updates that change the details of this article. In either case, you can protect your PC with anti-malware programs that delete the FCP Ransomware as a threat by default.

Old-Fashioned Design Aesthetics in New, Chinese Trojans

The last week of July saw an increase in detections of a new Chinese-based threat that appears intended to use data encryption for soliciting money. Although malware experts have found samples of this Trojan, the FCP Ransomware, only in what is apparently an unfinished version, it shows many characteristics, both cosmetic and technical, that set it apart from similar software. Fortunately, its authors appear to have put limited work into obfuscating the FCP Ransomware, which many AV companies detect at acceptable rates.

The FCP Ransomware doesn't deploy any data-encrypting attacks that could lock your files, but it does edit their names, which could hinder identifying them. Once open, the FCP Ransomware launches a pop-up showing messages in both English and Chinese that contain a simple encryption warning and identify the Trojan. However, unlike most file-encrypting threats or other ransom-based Trojans, the FCP Ransomware doesn't bundle the UI for the ransoming process in the same window.

Instead, the FCP Ransomware claims that the separate decryption module will load afterward automatically (bugs in its code currently prevent the decryptor from launching by default, although malware experts confirm that it can be launched manually). The decryption program provides a blue text prompt reminiscent of old software installer interfaces and asks you to pay for the 'advanced' edition to get the complete decryption of your files. The ransoming and payment elements, like the FCP Ransomware's supposed file-blocking attacks, seem to be 'in progress.'

Modernizing Your Protection against Traditionalist Trojans

The FCP Ransomware's use of semi-antiquated interface ideas, such as asking the user to input file paths manually, may be evidence of its origin as a Trojan separate from commonplace families like the Globe Ransomware or EDA2. While all of the FCP Ransomware's ransoming content includes dual-language support in both English and Chinese, any potential encryption attacks that its threat actors could choose to use in the future are unlikely to filter out systems with inappropriate language settings. Backing up your files can trivialize any potential encryption-related issues and help you restore any files that the FCP Ransomware modifies without needing to break its cipher.

Although malware experts are hesitant to draw firm conclusions about the infection strategies of an in-development Trojan, the FCP Ransomware is more likely to use installation exploits targeting Chinese speakers. Other threats in the FCP Ransomware's classification use a range of different methods to compromise PCs, such as spam e-mails, exploit kits that load through hostile websites, and falsely named downloads (especially for illicit content, such as gaming cracks). Since the FCP Ransomware includes no default self-distributing methods, using anti-malware programs to delete it can also help you identify any related threats that may reinstall it.

Any nation whose residents have money to spend and files to protect is at risk from attacks like the FCP Ransomware's tactic-in-progress. Whether you see pop-ups that look as old as Windows XP or as new as the Jigsaw Ransomware, scanning any information in detail and thinking through all your data recovery options can help keep you from making an expensive mistake.
