FTCODE Ransomware

FTCODE Ransomware is a threat you might receive if you interact with unreliable text documents. Further, in the article, we discuss how users could come across such data and how to avoid such malicious applications. It is just as important to talk about the malware’s working manner to know what to expect from it. In brief, the threat connects to the Internet without a user’s permission and encrypts files located on a user’s computer. Next, the malicious application should drop a ransom note demanding to pay for decryption tools, but our researchers say it may not happen because their tested sample did not show any messages. For more information about this threat, you should read our full article. At the end of it, you can find instructions explaining how to remove FTCODE Ransomware from a computer. If the described method seems too complicated, we recommend using a reliable antimalware tool instead.

The first thing we would like to talk about is where FTCODE Ransomware could come from. Our researchers found out that the malware’s launcher could be a fake Microsoft Word document. It looks like such files could be delivered via Spam emails. Thus, if you do not open a malicious email attachment by accident, you should be extremely careful with Spam emails and messages coming from senders you do not know. As you realize, even a text document might, in reality, appear to be harmful, so you cannot lose your guard down with such data either.

Usually, users try to avoid opening suspicious executable files, but, clearly, such data can be disguised, so users have to put much more effort into keeping away from malware nowadays. To make this task easier, we recommend having a reliable antimalware tool that could detect threats and keep your system secure. Always remember that if you cannot tell whether an attachment or any other file downloaded from the Internet is safe to open, you can scan it with your chosen antimalware tool and it should discover it for you.

After a user launches a fake text file carrying FTCODE Ransomware, the malware ought to settle in on a system. The first thing it ought to do to complete this process is to drop a malicious .vbs file called WindowsIndexingService.vbs in the %PUBLIC%\Libraries location. Next, the threat may create a scheduled task called WindowsIndexingService to make an infected computer launch the malicious application regularly.

This task could cause a lot of problems because every time that the malware gets relaunched, it might encrypt newly created files, which it did not have the chance to encrypt before. Consequently, it is highly recommended not to leave the threat unattended if you do not want to put your future data at risk. FTCODE Ransomware encrypts pictures and various types of documents with a robust encryption algorithm. As a result, they become unreadable and impossible to launch. In most cases, such malicious applications show ransom notes, messages with instructions that tell how to pay a ransom. In exchange, hackers may promise to send decryption tools or to help decrypt victim’s files somehow else.

What is strange is that the sample of FTCODE Ransomware that our researchers tested did not show any ransom notes. In other words, the threat only encrypted files available on our computer. It is possible that the version we encountered might have been unfinished. Therefore, we cannot be sure that the variant you encounter will not show a message with instructions on how to pay a ransom or contact the hackers behind the malicious application to learn how to get decryption tools. In any case, we would like to stress is that no matter what cybercriminals could promise, it is always a risk to deal with them, and if you do not want to take any chances, you should not put up with any demands.

Lastly, we should talk about how one could remove FTCODE Ransomware. One of the available options is to erase it manually by following the instructions located below. They explain how to search for the malware’s created files and how to delete them. The other way is to use a reliable antimalware tool that could detect and remove the malicious application for you.

Eliminate FTCODE Ransomware

1. Click Ctrl+Alt+Delete.
2. Choose Task Manager and select Processes.
3. Find a process belonging to the threat.
4. Mark it and click End Task.
5. Exit Task Manager.
6. Click Win+E.
7. Find these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. Find the malicious application’s launcher (suspicious file downloaded before your computer became infected).
9. Right-click it and select Delete.
10. Go to: %PUBLIC%\Libraries
11. Find a malicious .vbs file named WindowsIndexingService.vbs, right-click it and select Delete.
12. Navigate to:
    %WINDIR%\Tasks
    %WINDIR%\System32\Tasks
13. Look for a scheduled task called WindowsApplicationService, right-click it and press Delete.
14. Exit File Explorer.
15. Empty Recycle Bin.
16. Restart the computer.