FTCode surfaces again with the capability of stealing saved credentials

FTCode ransomware receives an update and is now capable of stealing saved credentials from emails and web browsers.

FTCode is a PowerShell-based ransomware strain which came to light in 2013 and resurfaced in October 2019. The ransomware is fully developed in PowerShell which allows it to encrypt the target devices without downloading any additional components. The process of functionality addition is very easy for FTCode ransomware.

The newly added info stealing functionality allows the ransomware to access the stored credentials of the victims. FTCode can now access and retrieve saved credential from web browsers and email clients such as Internet Explorer, Mozilla Firefox, Google Chrome, Mozilla Thunderbird, etc. After harvesting the data it sends it to its command-and-control server, with usernames and passwords being encoded using Base64 scheme.

Ransom of $500 is currently being demanded by the attackers for supplying the decryptor. The threat of loosing login credentials of financial and personal accounts is major and can cause a huge blow to the victim. For proper and best in class ransomware protection use NPAV and defend yourself against all kinds of virus attacks.

Use NPAV and join us on a mission to secure the cyber world.