A crypto-virus, dubbed APT Ransomware, that asks its victims to pay via Coinbase or Blockchain has appeared in the wild. It encrypts files and appends the .dll extension to them once encryption is complete. APT Ransomware 2.0 also drops a ransom note in an .HTML file called “DECRYPT_YOUR_FILES”. The note aims to “motivate” victims into paying a hefty ransom within 5 days so that the cyber-criminals will decrypt their files in return. Although it is not confirmed, the virus allegedly uses RSA-4096 to render files unusable. Many consider this one of the strongest encryption algorithms, primarily because of its military-grade key strength and because it relies on a unique public and private key pair that is required to decrypt the files.
| Property | Description |
| --- | --- |
| Name | APT Ransomware 2.0 |
| Short Description | The ransomware allegedly encrypts files with a strong RSA-4096 cipher and asks a ransom payoff of approximately 1 BTC for decryption. |
| Symptoms | Files are encrypted and become inaccessible, with the .dll file extension added to them. A ransom note with instructions for paying the ransom appears as a DECRYPT_YOUR_FILES.html file. |
| Distribution Method | Spam Emails, Email Attachments, File Sharing Networks. |
APT Ransomware 2.0 – How Is It Distributed Out In The Open
This virus is not believed to be very widespread, but it may become so in the future, depending on the resources of the cyber-criminals and the outcome of the operation. For the moment, it is widely believed that APT Ransomware 2.0 uses phishing e-mails to infect users. The infection may be delivered via two main methods:
- Malicious URLs embedded in the body of the e-mail that redirect to a drive-by download page and cause an infection.
- Malicious files disguised as legitimate Microsoft Office or Adobe documents.
The user's PC can also become infected simply by opening a malicious web link, regardless of where the link is posted.
APT Ransomware 2.0 – More Information
Once the initial infection has taken place, the APT Ransomware 2.0 payload may be downloaded onto the computer with the help of the exploit kit that caused the infection or of other malware, such as a downloader Trojan. After being downloaded, the APT Ransomware 2.0 threat may place malicious files in key Windows folders:
- %Local Files%
After this has been done, APT Ransomware 2.0 may also create several other types of objects on the infected computer, such as registry entries that allow it to run every time Windows starts. The targeted registry keys for this are the Run and RunOnce keys, usually located in:
After creating value strings under those keys, APT Ransomware 2.0 may delete the shadow copies or other backups on the targeted machine by executing the vssadmin command in quiet mode.
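The two behaviours just described, an autostart value written under a Run/RunOnce key and a quiet vssadmin run that removes shadow copies, are exactly what endpoint telemetry should alert on. The following detector is an added example written for this article, not code from the page or from any vendor product: it parses a handful of constructed process-creation and registry-write events in a simplified key=value format (the format, the file paths and the process names are assumptions of the example) and raises named alerts for the shadow-copy deletion and for autorun persistence, with an extra flag when the autorun points into a user-writable location.

```python
import re

# Constructed sample events in a simplified key=value format. The format, the
# paths and the process names are assumptions of this example, not real telemetry.
SAMPLE_EVENTS = [
    r'event=ProcessCreate image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin delete shadows /all /quiet" parent="C:\Users\bob\AppData\Local\Temp\update.exe"',
    r'event=ProcessCreate image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin list shadows" parent="C:\Windows\System32\cmd.exe"',
    r'event=RegistryValueSet key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value="svchost" data="C:\Users\bob\AppData\Local\Temp\update.exe"',
    r'event=RegistryValueSet key="HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" value="Updater" data="C:\Program Files\Vendor\updater.exe"',
    r'event=ProcessCreate image="C:\Windows\explorer.exe" cmdline="explorer.exe" parent="C:\Windows\System32\userinit.exe"',
]

# key=value pairs; a value may be double-quoted, in which case it may contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Autostart keys named in the write-up, matched case-insensitively on the key suffix.
AUTORUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Locations a dropper commonly writes to; an autorun pointing there deserves a closer look.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_event(line):
    """Parse one key=value log line into a dict, with surrounding quotes removed."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def classify(event):
    """Return the alert names raised by one parsed event (empty list if nothing matched)."""
    alerts = []
    kind = event.get("event")
    if kind == "ProcessCreate":
        cmd = event.get("cmdline", "").lower()
        # All three tokens are required, so a plain "vssadmin list shadows" is not flagged.
        if "vssadmin" in cmd and "delete" in cmd and "shadows" in cmd:
            alerts.append("shadow_copy_deletion")
            if "/quiet" in cmd:
                alerts.append("shadow_copy_deletion_quiet")
    elif kind == "RegistryValueSet":
        key = event.get("key", "").lower()
        data = event.get("data", "").lower()
        if key.endswith(AUTORUN_KEY_SUFFIXES):
            alerts.append("autorun_persistence")
            if any(hint in data for hint in USER_WRITABLE_HINTS):
                alerts.append("autorun_from_user_writable_path")
    return alerts


def scan(lines):
    """Return (line_index, alerts) for every line that raised at least one alert."""
    hits = []
    for index, line in enumerate(lines):
        alerts = classify(parse_event(line))
        if alerts:
            hits.append((index, alerts))
    return hits


if __name__ == "__main__":
    for index, alerts in scan(SAMPLE_EVENTS):
        print(f"line {index}: {', '.join(alerts)}")
```

Run against the constructed events, the scanner flags the quiet shadow-copy deletion, the Run value that points into a Temp folder (two alerts) and the RunOnce value under Program Files (one alert), while the `vssadmin list shadows` call and the ordinary explorer.exe start pass silently. The `autorun_from_user_writable_path` flag is the useful triage hint: legitimate installers rarely register a startup entry from AppData\Local\Temp.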
To encrypt the files on the infected computer, APT Ransomware 2.0 may use the immensely strong RSA-4096 cipher, which is also quite risky to implement and, if implemented incorrectly, may permanently break your files. The ransomware may scan for widely used file types, such as:
- Document files (Microsoft Office, Adobe Reader).
- Image files (Photos, Adobe Photoshop files).
- Videos (Movie Maker files, .avi, .mpeg4 files).
- Audio files (.wav, .mp3, .wmv).
After encryption, APT Ransomware 2.0 appends the .dll file extension to the encrypted files, for example:
The APT Ransomware 2.0 also leaves a ransom note behind. The note states the following message:
The ransomware demands that users pay a ransom of 1 BTC to the attackers' Bitcoin address, and it also gives instructions on how to create a wallet and buy Bitcoin.
Malware researchers, however, believe that paying the ransom will solve nothing, and they strongly advise users to remove all traces of APT Ransomware 2.0 from their computers.
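The appended .dll extension described above is the most visible symptom on a suspected machine, and it is easy to inventory. The script below is an added example written for this article, not code from the page or from any tool the page mentions. It builds a small constructed directory tree (the file names and contents are made up), then walks it and flags two things: files whose name carries one of the targeted document, image, video or audio extensions underneath .dll (for example report.docx.dll), and .dll files that lack the "MZ" header every genuine Windows DLL starts with, which catches renamed files whose original extension was not on the list.

```python
import os
import tempfile
from pathlib import Path

# File types the write-up says the ransomware targets (document, image, video, audio).
TARGETED_EXTENSIONS = {".doc", ".docx", ".xlsx", ".pptx", ".pdf",
                       ".jpg", ".png", ".psd", ".avi", ".mp4", ".wav", ".mp3", ".wmv"}


def looks_like_pe(path):
    """A genuine Windows DLL starts with the 'MZ' DOS header; an encrypted document will not."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def classify_file(path):
    """Return a verdict for a single file, or None if it looks unaffected."""
    path = Path(path)
    if path.suffix.lower() != ".dll":
        return None
    # The extension that sat on the file before .dll was appended, e.g. ".docx" in "report.docx.dll".
    inner_extension = Path(path.stem).suffix.lower()
    if inner_extension in TARGETED_EXTENSIONS:
        return "encrypted_candidate"
    if not looks_like_pe(path):
        return "dll_without_pe_header"
    return None


def inventory(root):
    """Walk a directory tree and map each suspicious file's relative path to its verdict."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            verdict = classify_file(full)
            if verdict:
                findings[full.relative_to(root).as_posix()] = verdict
    return findings


def build_sample_tree():
    """Create a constructed sample directory; every file here is made up for this example."""
    root = Path(tempfile.mkdtemp(prefix="apt2_sample_"))
    sample_files = {
        "Documents/report.docx.dll": bytes(range(200, 256)),            # junk bytes, not a PE image
        "Pictures/holiday.jpg.dll": bytes(range(100, 160)),
        "Windows/System32/kernel32.dll": b"MZ\x90\x00" + b"\x00" * 60,  # fake but well-formed DLL start
        "Documents/notes.txt": b"plain text, untouched",
        "odd.dll": b"not a PE file at all",                              # renamed file with no known inner extension
    }
    for relative, content in sample_files.items():
        target = root / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


if __name__ == "__main__":
    for rel_path, verdict in sorted(inventory(build_sample_tree()).items()):
        print(f"{verdict:24} {rel_path}")
```

On the constructed tree the two double-extension files come back as `encrypted_candidate`, `odd.dll` as `dll_without_pe_header`, and the fake kernel32.dll and the untouched text file are left alone. The header check is what keeps the heuristic honest: counting .dll files alone would drown the result in legitimate libraries.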
Remove APT Ransomware and Restore Your Files
To remove this malware from your PC, we advise you to follow the instructions in this article. It is also advisable to delete the virus automatically using an advanced anti-malware program, which will ensure its successful removal from your computer.
To attempt to restore your files, we advise you to use the alternative methods in step “2. Restore files encrypted by APT Ransomware 2.0” until a decrypter becomes publicly available for free. These methods may not be 100% effective, so we advise you to back up your files before attempting them.
The release of a free decryptor, however, is very unlikely, because reports have surfaced online that the creators of the ransomware may have written faulty code and may not be able to decrypt the encrypted files themselves. We will keep track of the virus and update this article with more information as it becomes available.