Ransomware virus known by the name Angry Duck has been reported to cause problems for users. Funnily enough, the virus uses .adk file extension and a duck for a wallpaper along with a ransom message claiming it has used the AES-512 and RSA-64 ciphers for encryption, which is very strange because AES-512 encryption is very difficult to use In ransomware viruses due to the risk of the encryption breaking the files. Either way, anyone who has been infected by this ransomware virus should not bay the 10 BTC amount requested by the cyber-criminals. Instead we strongly urge you to check carefully our removal and file restoration tips in this article to learn more about the Angry Duck virus and how to deal with it until a decryptor has been released.
|Short Description||The malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may witness ransom notes and “instructions” linking to a web page and a decryptor. Changed file names and the file-extension .adk has been used.|
|Detection Tool|| See If Your System Has Been Affected by Angry Duck |
Malware Removal Tool
|User Experience||Join our forum to Discuss Angry Duck.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
How Is Angry Duck Distributed
For it to be successful while it infects users, the Angry Duck virus may undertake massive spam campaigns allowing it to infect via lying messages that it is a legitimate e-mail attachment or a URL, just like CrySiS ransomware. There are even cases where the fake spam e-mails represent fraudulent Facebook, LinkedIn or other notifications, whose buttons lead to malicious web links that cause the infection, like the fake phishing message below:
To ensure maximum success during infection, the cyber-criminals behind Angry Duck may be focused primarily on several tools and programs that help the payload being delivered uninterruptedly:
- Exploit Kits.
- Malware obfuscators.
- Other distribution malware.
Angry Duck Ransomware – What Happens When Infected?
As soon as the virus has infected a targeted computer via one of the above-mentioned methods, it may immediately drop it’s malicious files in one or more of the following Windows folders:
Angry Duck ransomware then may either drop files such as the ransom note and the malicious executable that encrypts files in the %Startup% folder or the virus may modify the registry entries Run and Run once adding a path to the malicious file.
As soon as the malicious files of Angry Duck ransomware are run on system startup, the virus may begin to encipher various widely used files, such as videos, documents, database files, photos, audio files and others. To do this successfully, Angry Duck ransomware is pre-programmed to attack files with notorious file extensions, for example:
After it encrypts the files, Angry Duck virus adds a unique .adk file extension to their original one and renders the files to be no longer openable. Encrypted files by Angry Duck look like the following:
The virus also leaves it’s distinctive Angry Duck ransom note that has the following message:
“*** ANGRY DUCK ***
All your important files have been encrypted using very string cryptography (AES-512 with RSA-64 FIPS grade encryption)
To recover your files send 10 BTC to my private wallet.
DON’T MESS WITH THE DUCKS!!”
The encrypted files may be enciphered using AES and RSA ciphers combined, just like it says on the ransom note of the virus, however, it may also be deceitful to fool reverse engineers or people who are seeking decryptors for those ciphers. Malware researcher Michael Gillespie identified encrypted files by a unique file marker this virus uses that says “THIS FILE HAS BEEN ENCRYPTED BY ANGRYDUCK”:
Angry Duck Ransomware – Conclusion and Removal and File Restoration
As a bottom line, Angry Duck Ransomware is a virus that may be decryptable and may not be as sophisticated as it’s ransom note claims it to be. The Angry Duck virus also aims to get users to pay the insane ransom amount of 10 BTC which is classified as unusually high compared to other ransomware viruses. Not only this but paying the ransom may not guarantee the successful recovery of your files which is why researchers strongly advise against doing so. Removal and seeking of alternative file restoration methods like the ones in the instructions below are recommended.
To remove Angry Duck ransomware, you can follow either the manual removal instructions or the automatic ones which include the usage of an advanced anti-malware tool for maximum effectiveness.
To attempt and reverse your files and make them accessible again, there is no decryptor for Angry Duck at this moment. This is the reason we strongly urge you to follow step “2. Restore files encrypted by Angry Duck” below and establish if the virus can be decrypted via those alternative methods. But bear in mind that they may not be 100% guaranteed to succeed, and you should back up your encrypted files before attempting those methods, because they may break indefinitely.
Manually delete Angry Duck from your computer
Note! Substantial notification about the Angry Duck threat: Manual removal of Angry Duck requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.