
APT Ransomware 2.0 Remove and Restore .dll Files

A crypto-virus dubbed APT Ransomware 2.0, which asks its victims to pay via Coinbase or Blockchain, has appeared in the wild; it encrypts files and appends the .dll extension once encryption completes. It also drops a ransom note as an .HTML file called “DECRYPT_YOUR_FILES”, which aims to “motivate” victims into paying a hefty ransom within 5 days in exchange for decryption. Although this is not confirmed, the virus allegedly uses RSA-4096 to render files unusable. RSA is an asymmetric cipher: data is encrypted with a public key, and only the matching private key, which the criminals keep to themselves, can reverse the operation. A 4096-bit modulus is far beyond any brute-force attack, so unless the authors leak or mishandle the private key, the files cannot be recovered without it. Note that ransomware rarely encrypts file contents with RSA directly; the usual design is to encrypt each file with a symmetric key and wrap that key with RSA, which is consistent with the note’s claim of a “unique, strong key” per file.

Threat Summary

Name: APT Ransomware 2.0
Type: Ransomware
Short Description: The ransomware allegedly encrypts files with RSA-4096 and demands a ransom of approximately 1 BTC for decryption.
Symptoms: Files are encrypted and become inaccessible, with the .dll extension appended to them. A ransom note with payment instructions appears as a file named DECRYPT_YOUR_FILES.html.
Distribution Method: Spam e-mails, e-mail attachments, file-sharing networks.

APT Ransomware 2.0 – How Is It Distributed Out In The Open

This virus is not believed to be very widespread, but it may become so in the future, depending on the resources of the cyber-criminals and the outcome of the operation. For the moment, it is widely believed that APT Ransomware 2.0 uses phishing e-mails to infect users. The infection may be delivered in two main ways:

  • Malicious URLs embedded in the body of the e-mail that redirect to a drive-by download page, which causes the infection.
  • Malicious attachments disguised as legitimate Microsoft Office or Adobe documents.

The user’s PC can also become infected simply by opening a malicious web link, regardless of where that link is posted.

APT Ransomware 2.0 – More Information

Once the initial foothold is established, the APT Ransomware 2.0 payload may be downloaded onto the computer by the exploit kit that caused the infection or by other malware, such as a downloader Trojan. After being downloaded, APT Ransomware 2.0 may place its malicious files in key Windows folders:

  • %AppData%
  • %Local Files%
  • %Roaming%
  • %Temp%
  • %Common%
  • %System%

After this has been done, APT Ransomware 2.0 may also create other objects on the infected computer, such as registry entries that make it run every time Windows starts. The targeted keys for this are the Run and RunOnce keys, usually located under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

After creating value strings under those keys, APT Ransomware 2.0 may delete the shadow copies and other backups on the targeted machine by running vssadmin in quiet mode (vssadmin delete shadows /all /quiet), so that no prompt or error is shown to the user while the restore points are destroyed.
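The two behaviours just described, shadow-copy deletion and Run/RunOnce persistence, leave traces in process-creation telemetry and are among the highest-value detections for any ransomware, not only this family. The following Python is an added example, not code from the article or from the malware: it runs a few regex rules over constructed sample events in a simplified "key=value ... cmdline=..." line format that is assumed here (it is not a real Sysmon or Event ID 4688 layout; adapt parse_event to whatever your logging produces). It goes slightly beyond the article by also matching the wmic shadowcopy delete form, which achieves the same thing as the vssadmin command.

```python
import re

# Constructed sample process-creation events (not from the article, not real
# telemetry).  Format assumed: space-separated key=value pairs, with the
# command line as everything after "cmdline=" because it contains spaces.
SAMPLE_EVENTS = [
    "ts=10:00:01 user=alice image=C:\\Windows\\System32\\cmd.exe "
    "cmdline=cmd.exe /c vssadmin delete shadows /all /quiet",
    "ts=10:00:02 user=alice image=C:\\Windows\\System32\\reg.exe "
    "cmdline=reg add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
    "/v updater /t REG_SZ /d C:\\Users\\alice\\AppData\\Roaming\\updater.exe",
    "ts=10:05:00 user=bob image=C:\\Windows\\System32\\vssadmin.exe "
    "cmdline=vssadmin list shadows",
    "ts=10:06:00 user=carol image=C:\\Windows\\System32\\notepad.exe "
    "cmdline=notepad.exe C:\\temp\\notes.txt",
    "ts=10:07:00 user=alice image=C:\\Windows\\System32\\wbem\\WMIC.exe "
    "cmdline=wmic shadowcopy delete",
]

# Detection rules as (name, regex over the command line).  The first two cover
# shadow-copy destruction (vssadmin as in the article, plus the equivalent
# wmic form); the third covers writes to the Run/RunOnce autostart keys.
# Listing shadows (event 3) is benign and must not fire.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.IGNORECASE)),
    ("run_key_persistence",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b",
                re.IGNORECASE)),
]


def parse_event(line):
    """Split one event line into a dict; cmdline is everything after 'cmdline='."""
    head, sep, cmdline = line.partition(" cmdline=")
    fields = {}
    for token in head.split():
        key, _, value = token.partition("=")
        fields[key] = value
    fields["cmdline"] = cmdline if sep else ""
    return fields


def detect(lines):
    """Return one hit per (event, rule) match, in input order."""
    hits = []
    for line in lines:
        event = parse_event(line)
        for rule_name, pattern in RULES:
            if pattern.search(event["cmdline"]):
                hits.append({"rule": rule_name,
                             "ts": event.get("ts", ""),
                             "user": event.get("user", ""),
                             "cmdline": event["cmdline"]})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f'{hit["ts"]} {hit["user"]:6s} {hit["rule"]:22s} {hit["cmdline"]}')
```

Against the constructed sample, the script flags events 1, 2 and 5 and stays silent on the harmless vssadmin list shadows and notepad launches. In production, treat a shadow_copy_deletion hit from an interactive user session as an incident trigger on its own; backup agents and administrators rarely run that command, and ransomware almost always does it seconds before encryption begins.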

To encrypt the files of the infected computer, APT Ransomware 2.0 allegedly uses RSA-4096. Public-key cryptography is easy to get wrong, and a botched implementation can leave files permanently unrecoverable, even for the authors. The ransomware may scan for widely used file types, such as:

  • Document files (Microsoft Office, Adobe Reader).
  • Image files (photos, Adobe Photoshop files).
  • Video files (Movie Maker files, .avi, .mp4, .wmv).
  • Audio files (.wav, .mp3).

After encryption, APT Ransomware 2.0 appends the .dll extension to each encrypted file, for example:

New Text Document.txt will become New Text Document.txt.dll
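Because the appended extension is .dll, a plain search for *.dll on a suspect machine returns every legitimate Windows library as well as the encrypted files. The triage script below is an added example, not code from the article: it uses the two indicators the article gives (the appended .dll and the DECRYPT_YOUR_FILES.html note name) and adds one check of my own, that a genuine DLL is a PE file and therefore starts with the bytes "MZ", whereas an encrypted blob does not. The demo() function builds a constructed sample directory so the script runs offline; the file names and contents in it are invented for illustration.

```python
import os
import tempfile

# Indicators taken from the article: the appended extension and the note name.
MARKER_EXT = ".dll"
RANSOM_NOTE = "DECRYPT_YOUR_FILES.html"
# Every genuine Windows DLL is a PE file and therefore begins with "MZ".
PE_MAGIC = b"MZ"


def looks_like_pe(header):
    """True if the first bytes of a file carry the DOS/PE header of a real DLL."""
    return header[:2] == PE_MAGIC


def classify(name, header):
    """Classify one file by its name and its first bytes.

    Returns "note", "encrypted", "dll", "suspicious" or None (not of interest).
    """
    if name == RANSOM_NOTE:
        return "note"
    if not name.lower().endswith(MARKER_EXT):
        return None
    stem = name[:-len(MARKER_EXT)]
    has_original_ext = os.path.splitext(stem)[1] != ""
    # The article's example "New Text Document.txt.dll" keeps the original
    # extension under the appended .dll, and encrypted content no longer
    # starts with a PE header; both must hold before calling a file encrypted.
    if has_original_ext and not looks_like_pe(header):
        return "encrypted"
    if looks_like_pe(header):
        return "dll"
    # Ends in .dll, is not a PE file, but carries no original extension:
    # hand it to a human rather than deciding automatically.
    return "suspicious"


def triage(root):
    """Walk a directory tree and bucket the files classify() cares about."""
    found = {"note": [], "encrypted": [], "dll": [], "suspicious": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(len(PE_MAGIC))
            except OSError:
                continue  # unreadable file: skip it rather than abort the triage
            kind = classify(name, header)
            if kind is not None:
                found[kind].append(name)
    for names in found.values():
        names.sort()
    return found


def demo():
    """Build a constructed sample tree (not a real infection) and triage it."""
    root = tempfile.mkdtemp(prefix="apt2_triage_demo_")
    samples = {
        "New Text Document.txt.dll": b"\xc8\x3a" * 32,  # encrypted: double ext, no MZ
        "family.jpg.dll": b"\x17\xe2" * 32,             # encrypted
        "legit.dll": b"MZ" + b"\x00" * 62,              # minimal real-looking PE header
        "odd.dll": b"not a PE file",                    # .dll, no MZ, no original ext
        "DECRYPT_YOUR_FILES.html": b"<html>ransom note</html>",
        "untouched.txt": b"still fine",                 # ignored
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return triage(root)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:10s} {names}")
```

Run triage() against a user profile or a mounted image of the disk, never against a live system you have not yet isolated, and keep the encrypted files rather than deleting them: if a decrypter ever appears, it needs the original ciphertext. The "suspicious" bucket exists precisely because a rename-only heuristic cannot tell a stray non-PE .dll from malware output.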

The APT Ransomware 2.0 also leaves a ransom note behind. The note states the following message:

All your files have been encrypted with APT Ransomware v2.0
All your files has been stealed to our server. If you don’t pay, I sell it in Black Market.
YOU HAVE 5 DAY TO MAKE PAYMENT OR ALL YOUR FILES HAVE BEEN DELETED!
For each file unique, strong key, Algorithm RSA4096 look at https://en.wikipedia.org/wiki/RSA_(cryptosystem)
-All your attempts to restore files on their own, lead to the loss of the possibility of recovery and we are not going to help you.

The ransomware demands a payment of 1 BTC to the criminals’ Bitcoin address, and the note also includes instructions on how to create a wallet and buy Bitcoin.

Malware researchers, however, believe that paying the ransom will solve nothing, and they strongly advise users to remove every trace of APT Ransomware 2.0 from the computer. Keep copies of the encrypted files before doing so: if a decrypter is ever released, it will need the original encrypted data.

Remove APT Ransomware and Restore Your Files

To remove this malware from your PC, we advise you to follow the instructions in this article. It is also advisable to delete the virus automatically with an advanced anti-malware program, which will ensure its complete removal from your computer.

To attempt to restore your files, we advise you to use the alternative methods in step “2. Restore files encrypted by APT Ransomware 2.0” until a decrypter becomes publicly available for free. These methods may not be 100% effective, so back up your encrypted files before attempting them.

The release of a free decrypter is, however, very unlikely, because news broke online that the creators of the ransomware may have written faulty code and may be unable to decrypt the encrypted files themselves. We will keep track of the virus and update this article as more information becomes available.

Manually delete APT Ransomware 2.0 from your computer

Note! Important notice about the APT Ransomware 2.0 threat: manual removal of APT Ransomware 2.0 requires interfering with system files and the registry, and a mistake there can damage your PC. If your computer skills are not at a professional level, you can still do the removal yourself in a few minutes using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove APT Ransomware 2.0 files and objects
2. Find malicious files created by APT Ransomware 2.0 on your PC

Automatically remove APT Ransomware 2.0 by downloading an advanced anti-malware program

1. Remove APT Ransomware 2.0 with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by APT Ransomware 2.0
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

