Remove Apocalypse Ransomware and Decrypt .Encrypted Files

A new ransomware variant, which its creators named “Apocalypse”, has emerged. The ransomware, also known as a crypto-virus, uses either an RSA or AES cipher to encrypt the files on the computers it infects, and it runs on startup pretending to be a Windows Update process. Since this ransomware demands varying ransom amounts in BitCoin, infected users are strongly advised not to pay. Instead, it is recommended to follow the instructions here to remove Apocalypse and decrypt your data using the decryptor posted below.

Update! AVG researchers have released two decryptors for Apocalypse Ransomware – for the older version and the newer version of Apocalypse ransomware. Do not pay the ransom and decrypt your files for free by using the download links below:
Apocalypse Ransomware Decryptor Variant 1
Apocalypse Ransomware Decryptor Variant 2

Threat Summary

Name: Apocalypse
Type: Ransomware
Short Description: The ransomware encrypts files with a strong cipher and asks for a ransom payoff for decryption by contacting its e-mail.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows as a How_To_Decrypt.txt file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Apocalypse Ransomware – Ways of Spreading

Apocalypse uses several techniques to spread. One of them is posting malicious web links in various places throughout the web. Such links may be featured in spam e-mails that imitate a big company, like a bank or PayPal.

Another method of spreading this ransomware may be via potentially unwanted programs (PUPs) which are also known to cause browser redirects.

The Apocalypse crypto-virus may also arrive as a malicious attachment in spam e-mail messages.

Apocalypse Ransomware – Methods of Operation

Once activated on your computer, the dropper of the ransomware virus creates an executable in the following Windows directory:

C:\Program Files (x86)\windowsupdate.exe

After doing so, Apocalypse modifies the registry entry of the infected computer so that this executable runs when you start your Windows OS. This is possible by adding values in the following registry key:

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value name: Windows Update Svc
Value data: C:\Program Files (x86)\windowsupdate.exe

On system startup, the ransomware may run as a Windows Update service and block the user, explaining that the files are encrypted. It may also run in an obfuscated manner to avoid detection by anti-virus programs.

To choose which files to encrypt, the Apocalypse ransomware uses an exclusion list. It encrypts every file on the infected computer except files with the following extensions:

.encrypted, .dat, .bat, .bin, .ini, .tmp, .lnk, .com, .msi, .sys, .dll, .exe

After enciphering the data, Apocalypse ransomware adds the .encrypted extension to the files, for example:

Picture.jpg.encrypted.How_To_Decrypt.txt

The ransomware also prompts users to open the “How_To_Decrypt.txt” file, which contains the following ransom note:

IF YOU ARE READING THIS MESSAGE, ALL THE FILES IN THIS COMPUTER HAVE BEEN CRYPTED!!!
documents,pictures,videos,audio,backups,etc
IF YOU WANT TO RECOVER YOUR DATA, CONTACT THE EMAIL BELOW
EMAIL: [email protected]
WE WILL PROVIDE DECRYPTION SOFTWARE TO RECOVER YOUR FILES.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IF YOU DONT CONTACT BEFORE 72 HOURS, ALL DATA WILL BE LOST FOREVER”

After the encryption process has finished, the ransomware locks the user out of his computer and the only way to access the system again is in Safe Mode.

Remove Apocalypse Ransomware and Decrypt Your Files

To fully erase this ransomware from your computer, we strongly advise following our instructions below. In addition, experts recommend removing its malicious files and objects using an advanced anti-malware tool for maximum effectiveness.

To decrypt your files, it is advisable to download EmsiSoft's decrypter for Apocalypse Ransomware below:

EmsiSoft Decrypter for Apocalypse Ransomware


Manually delete Apocalypse from your computer

Note! Important notice about the Apocalypse threat: manual removal of Apocalypse requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Apocalypse files and objects
2. Find malicious files created by Apocalypse on your PC
3. Fix registry entries created by Apocalypse on your PC
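
The indicators described under Methods of Operation, gathered into a read-only PowerShell check that covers steps 2 and 3 above. This is an added example, not part of the original article or of any vendor tool; `$ScanRoot` and the output field names are assumptions.

```powershell
# Added example: read-only check for the Apocalypse indicators listed in this article.
# Run it in the affected user's session, because the Run key is under HKCU.
param(
    [string]$ScanRoot = $env:USERPROFILE   # assumption: folder tree to sample
)

# Indicators as given in the article
$DropperPath  = 'C:\Program Files (x86)\windowsupdate.exe'
$RunKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValueName = 'Windows Update Svc'
$NoteName     = 'How_To_Decrypt.txt'
$Excluded     = '.encrypted', '.dat', '.bat', '.bin', '.ini', '.tmp',
                '.lnk', '.com', '.msi', '.sys', '.dll', '.exe'

# Step 2: the dropped executable (hash it so the sample can be identified later)
$dropper = Get-Item -LiteralPath $DropperPath -Force -ErrorAction SilentlyContinue
$dropperHash = $null
if ($dropper) {
    $dropperHash = (Get-FileHash -LiteralPath $dropper.FullName -Algorithm SHA256).Hash
}

# Step 3: autorun values that use the article's name or point at the dropper
$runHits = @()
$runProps = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
if ($runProps) {
    $runHits = @($runProps.PSObject.Properties | Where-Object {
        $_.Name -eq $RunValueName -or "$($_.Value)" -like '*\windowsupdate.exe*'
    } | ForEach-Object { '{0} = {1}' -f $_.Name, $_.Value })
}

# Scope: ransom notes, files already renamed, and files still under their own name
$files = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue)
$notes     = @($files | Where-Object { $_.Name -like "*$NoteName" })
$encrypted = @($files | Where-Object { $_.Extension -eq '.encrypted' })
# Not on the exclusion list and not a ransom note, so a target that was not renamed
$pending   = @($files | Where-Object {
    $Excluded -notcontains $_.Extension -and $_.Name -notlike "*$NoteName"
})

[pscustomobject]@{
    DropperPresent = [bool]$dropper
    DropperSha256  = $dropperHash
    RunKeyHits     = $runHits
    EncryptedFiles = $encrypted.Count
    RansomNotes    = $notes.Count
    NotEncrypted   = $pending.Count
}
```

A non-empty `RunKeyHits` or `DropperPresent = True` means the persistence described above is still in place. `NotEncrypted` counts files outside the exclusion list that still carry their original names.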

Automatically remove Apocalypse by downloading an advanced anti-malware program

1. Remove Apocalypse with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Apocalypse in the future
Optional: Using Alternative Anti-Malware Tools