ACCDFISA v2.0 Ransomware

ACCDFISA v2.0 Ransomware is a new version of an old ransomware infection ACCDFISA Ransomware (it was first detected by malware researchers in 2012). It targets only the Windows Server OS, so ordinary users with Windows XP, 7, 8, 8.1, and Windows 10 running on their computers should not encounter it. Although this infection targets Windows servers primarily, it does not differ much from other ransomware infections, as specialists at pcthreat.com have noticed. It also wants money from people, and, in order to obtain money from them easier, it makes it impossible to access all the most valuable files. Most likely, you could not get those files back if you do not have a backup of your files. Also, we suspect that it might be quite a challenge to remove this infection from your machine because it locks compromised machines by opening a screen-locking window with a ransom note. No matter how complicated the removal procedure is, ACCDFISA v2.0 Ransomware cannot stay active on your computer.

ACCDFISA v2.0 Ransomware is a nasty infection, to say the least. Once it infiltrates the machine with the Windows Server OS running on it, it scans the system and finds the exact location of the most valuable files. Then, it encrypts them all and turns them into password-protected .rar archives. These all files are then transformed into .exe files, so users see picture.txt turn into picture.txt(!! to decrypt email id to @gmail.com !!).exe. Original files are deleted too so that they could not be recovered. A bunch of encrypt files is not the only sign showing that the ACCDFISA v2.0 Ransomware entrance has been successful. If it has already affected your machine, you will also see a window placed on Desktop. It completely locks the screen, which makes it ever harder to get rid of this ransomware infection. The window opened contains the ransom note whose first sentence informs users why they can no longer access their files: “Warning! Access to your computer is limited. Your files has been encrypted.” As expected, this infection also wants money from users. Judging from one sentence the ransom note contains, the size of the ransom starts from $300. It might seem that it is worth paying money to cyber criminals behind this infection, but it is not true because you do not know whether your encrypted files will be unlocked. Additionally, the chances are high that the ransomware infection will not be automatically removed from your machine even if cyber criminals receive the ransom from you.

Since we already know how ACCDFISA v2.0 Ransomware works on compromised machines, let’s talk about its distribution in detail. Our malware researchers say that this threat slightly differs from other well-known ransomware infections seeking to obtain money from users in a sense that it is installed on computers manually by the attacker. It is known that the attacker searches for systems running the Remote Desktop or Terminal Services. If it manages to find such a system and the brute-force attack is successful, the attacker can log into the system. Once this happens, the ransomware infection is downloaded and executed right away. Ransomware infections are quite prevalent threats, and, unfortunately, there are no guarantees that you will not encounter any of them again in the future, so you should back up your files as soon as possible. If a similar infection ever slithers onto your computer again and affects your files, you will not lose them – you could restore them from a backup.

You must remove ACCDFISA v2.0 Ransomware from your system, but it does not mean that you fill unlock your files by deleting it from your machine. Of course, it does not mean that we encourage you to go to pay the ransom to cyber criminals. To delete this nasty infection from your computer, you need to remove all its components one by one. You will need to unlock your screen first – it should be enough to kill the malicious process representing ACCDFISA v2.0 Ransomware via Task Manager. If your computer still stays locked, you will need to boot into Safe Mode.

How to delete ACCDFISA v2.0 Ransomware

1. Access Task Manager (press Ctrl+Shift+Esc).
2. Find and kill the malicious process belonging to ACCDFISA v2.0 Ransomware.
3. Delete all suspicious files from C:\Windows\System32, C:\ProgramData, and C:\.
4. Remove files associated with ACCDFISA v2.0 Ransomware from Desktop (%USERPROFILE%\Desktop).
5. Use an automated security scanner to check if all files of this infection have been erased.