AngleWare Ransomware – Remove It and Restore .AngleWare Files

AngleWare Ransomware – Remove It and Restore .AngleWare Files

The article will aid you to remove the AngleWare ransomware effectively. Follow the ransomware removal instructions provided at the bottom of the article.

AngleWare ransomware is a cryptovirus that is a variant of another virus – MafiaWare. Its payload file is seen around the Internet and the extension it puts to all files after encryption is .AngleWare. After your files get encrypted, the AngleWare virus will show a ransom note with payment instructions. Malware researchers state that the virus is a variant of HiddenTear, just like MafiaWare. Read on through and find out what ways you could try to potentially recover some of your files.

Threat Summary

Short DescriptionThe sransomware encrypts files on your computer system and it shows a ransom note afterward.
SymptomsThis ransomware virus will encrypt your files and place the .AngleWare extension on each one of them.
Distribution MethodSpam Emails, Email Attachments, Executables
Detection Tool See If Your System Has Been Affected by AngleWare


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss AngleWare.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

AngleWare Ransomware – Delivery Ways

The AngleWare ransomware might be delivered by utilizing different tactics. The payload dropper file which initiates the malicious script for the ransomware is found to be circling the Internet. Malware researchers have found it under the name AngleWare.exe, although it could be renamed to hide its true cause. You can see an analysis of that particular executable file containing the payload script, from the snapshot of the VirusTotal service, right here below:

The AngleWare ransomware might also be using other ways to deliver the payload file, like social media sites or file-sharing services. Freeware applications found on the Web could be promoted as helpful but also could hide the malicious script for this virus. Before opening any files after you have downloaded them, you should instead scan them with a security program. Especially if they come from suspicious places, such as emails or links. Also, don’t forget to check the size and signatures of such files for anything that seems out of place. You should read the ransomware prevention tips given in the forum section.

AngleWare Ransomware – Technical Details

The AngleWare ransomware is a cryptovirus, which is found out to be a variant of the open-source ransomware project HiddenTear, according to malware researchers. It turns out to stem from the MafiaWare ransomware virus. When the AngleWare ransomware encrypts your files it will place the extension an extension to every encrypted file.

The AngleWare ransomware might make new registry entries in the Windows Registry to achieve a higher level of persistence. Those entries are usually designed in a way that will start the virus automatically with every launch of the Windows Operating System.

A ransom message will be placed inside a file on your Desktop right after the encryption process is complete. The ransom note file is called READ_ME.txt and it states what the demands of the cybercriminals are for getting your files back. You can check out the ransom note’s contents from the picture down below:

That ransom note reads the following:

Your files has been encrypted by AngleWare
Pay 3BTC to my bitcoin address 1NEcE8ffNZqAucBtp42a5YXMMUSLY7YfEP
And send the proof to my email

The makers of the AngleWare cryptovirus want you to pay the ransom sum of 3 Bitcoins, which is the equivalent of a little over than 3100 US dollars at the moment of writing this article. However, you should NOT meet their demands, nor contact these crooks under any circumstances. If you proceed and pay them, nobody and nothing in the world can guarantee that you can recover your data afterward. Besides, providing money to these cybercriminals will support them financially and is probably ignite motivation in them to do more criminal acts, including the making of other ransomware viruses.

AngleWare Ransomware – Encryption Process

There is no official list with file extensions that the AngleWare ransomware seeks to encrypt at this moment. However, this article will get duly updated if there is anything new about this matter. The encryption algorithm which is believed to be used by the cryptovirus, is AES as malware researchers state that the ransomware is a variant stemming from the HiddenTear open-source project. All encrypted files will receive the .AngleWare extension, which will be appended to them. The following list is being speculated to reveal the file extensions which the virus searches to get encrypted, as those are the ones which are locked by variants of HiddenTear:

→.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb.sln.php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp

The AngleWare cryptovirus is quite possible to delete the Shadow Volume Copies from the Windows Operating System by utilizing the following command:

→vssadmin.exe delete shadows /all /Quiet

In case the command above is executed, that will make the encryption process more effective. Continue reading and find out what kinds of methods you can try out to potentially restore some of your files.

Remove AngleWare Ransomware and Restore .AngleWare Files

If your computer got infected with the AngleWare ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share