The ACCDFISA malware family – Ransomware targeting Windows servers

Botnet: Accdfisa
Date: 2012 / 2012-04-11
Editor/Conference: Emsisoft
Author: Fabian Wosar
Type: Blogpost


A few weeks ago, our colleagues over at BleepingComputer approached us asking for help with a recent malware outbreak that specifically targets Windows servers. Several companies as well as individuals found their servers locked by malware that claims to originate from the “Anti Cyber Crime Department of Federal Internet Security Agency”, or “ACCDFISA” for short. Of course, such an institution does not exist, and even if it did, it surely wouldn’t ask the owner of the server to submit a certain dollar amount using PaySafeCard or MoneyPak codes. The affected servers fell prey to a new malware family that is currently on the loose.

The ACCDFISA malware family belongs to a malware category called “ransomware”. Ransomware is a special kind of malware that takes a system and its data hostage in an attempt to extort money from its owner in exchange for returning control to the owner. What makes the ACCDFISA family special is the unorthodox way in which systems get infected, as well as how various third-party tools are used to accomplish the malware family’s goals.


 @misc{2012BFR316,
   editor = {Emsisoft},
   author = {Fabian Wosar},
   title = {The ACCDFISA malware family – Ransomware targeting Windows servers},
   date = {11},
   month = Apr,
   year = {2012},
   howpublished = {\url{}},