Decrypt Files Encrypted by .FailedAccess Ransomware - How to, Technology and PC Security Forum


Article created to help you completely remove the .FailedAccess file virus and decrypt files encrypted by it for free.

Yet another variant of the “Stupid” ransomware family has appeared in the wild, this time using the .FailedAccess file extension. The virus aims to encrypt the files on computers it has compromised, after which it leaves behind a ransom note file telling victims to pay a hefty ransom fee in order to restore the encrypted files. Fortunately, FailedAccess belongs to the Stupid ransomware family, which is decryptable. If you have become a victim of this virus, we advise following the instructions in this article to remove the virus and restore .FailedAccess encrypted files on your computer.

Threat Summary



Short Description: Encrypts important documents, music, video, images and other files and then demands a ransom to be paid to get the files back.

Symptoms: This ransomware uses the .FailedAccess file extension, which is added to the encrypted files.

Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.FailedAccess Virus – Infection Process

The .FailedAccess threat may cause an infection by carefully utilizing multiple different types of techniques, such as:

  • Exploit kits.
  • Malicious Microsoft Office macros.

These techniques may be used in several different situations, such as sending spam e-mails to users. Such spam e-mails may be sent from legitimate e-mail addresses that are not flagged as spam, and carry convincing statements urging users to open the e-mail attachments. Two examples of such e-mails, one using a malicious attachment and the other using a URL, can be seen below:

In addition to being spread via e-mail, the FailedAccess ransomware virus may also cause infection via fake setups as well as other fake software uploaded on suspicious websites or torrent-providers.

.FailedAccess File Virus – Infection Activity

As soon as the victim of .FailedAccess ransomware clicks on the web link, the virus may connect to the C2 server or a distribution site. From there, the payload of the ransomware is downloaded and may reside within the following Windows folders:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %SystemDrive%
  • %Windows%
  • %System32%

The ransomware infection may also tamper with the Windows Registry, modifying the following keys:


After having changed different settings, .FailedAccess ransomware may begin to encrypt user files.

FailedAccess Virus – Encryption Process

The encryption process of FailedAccess may target documents, photos, music and many other file types:


As soon as the virus detects the file extensions, which it is pre-configured to encode, the ransomware immediately begins to change blocks of their data. After the encryption is complete, the virus adds the .FailedAccess file extension, making the files appear like the image below:

Fortunately, files encrypted with this extension can be decrypted, as researcher demonslay335 has updated the decryptor for all Stupid Ransomware variants known so far.
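A precaution worth taking before removal and decryption, shown as an added example that is not part of the original article or of the decryptor: copy every file carrying the .FailedAccess extension to a separate folder and verify each copy by SHA-256, so that a failed decryption attempt cannot damage the only encrypted copy. The function names and the manifest layout are assumptions made for this illustration.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

EXT = ".failedaccess"  # extension named in the article, matched case-insensitively


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def backup_encrypted(root, dest):
    """Copy each *.FailedAccess file under root into dest (relative paths kept).
    Returns (manifest of verified copies, list of (path, error) failures)."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    manifest, failed = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # Skip the backup folder itself when it lives under root.
        dirnames[:] = [d for d in dirnames if (Path(dirpath) / d).resolve() != dest]
        for name in filenames:
            if not name.lower().endswith(EXT):
                continue
            src = Path(dirpath) / name
            target = dest / src.relative_to(root)
            try:
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, target)  # copy only; the source is never modified
                digest = sha256_of(src)
                if sha256_of(target) != digest:
                    raise OSError("backup copy does not match source")
                size = src.stat().st_size
            except OSError as exc:  # locked, unreadable or vanished file
                failed.append((str(src), str(exc)))
                continue
            manifest.append({"encrypted": str(src), "sha256": digest, "size": size,
                             "original_name": name[:-len(EXT)]})  # name before the suffix
    return manifest, failed


if __name__ == "__main__":
    done, errors = backup_encrypted(sys.argv[1], sys.argv[2])
    print(f"{len(done)} files backed up and verified, {len(errors)} failed")
```

Run it with the folder to scan and a backup folder as the two arguments, ideally with the backup on an external drive that is disconnected afterwards.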

Remove .FailedAccess Virus

Before you begin decrypting the .FailedAccess encoded files, it is advisable to first get rid of this threat. One very good way to do so is to follow the removal instructions below. They are designed to help you isolate and then remove all the malicious objects. However, since the .FailedAccess ransomware heavily interferes with Windows registry entries and files, it is strongly advisable to remove this threat automatically. The recommended tool for this is an advanced anti-malware program, which will also ensure future protection.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
