Cyber criminals have started using famous politicians’ names to create malicious software. One of their newest products is Angela Merkel Ransomware, which shares similarities with Exotic Ransomware because it is built on its engine. Even though Angela Merkel Ransomware has just appeared on the web, it does not differ much from those older threats because it also detects and encrypts the personal files users keep on their computers. It has been found that it starts by encrypting %USERPROFILE%\Desktop, then goes on to lock files in %USERPROFILE% and its subfolders, and, finally, returns to check the directory %USERPROFILE%\Desktop one more time. Just like other ransomware infections, it then tries to persuade users that the only way to unlock those files is to purchase the decryption key. Since Angela Merkel Ransomware does not work properly yet (it might still be in development, or it is poorly made), it is impossible to transfer money to cyber criminals and get the decryption tool. In fact, it is not a good idea to transfer money even if you are reading this article some time later, when Angela Merkel Ransomware has been fixed and works the way it should. There is one reason: cyber criminals might not send you the decryptor after receiving the money. A refund will not be issued either.
Once Angela Merkel Ransomware finishes encrypting the files it finds on the computer (they will all have a new filename extension, .angelamerkel), it opens a window containing the ransom note. It informs users about the encryption of files and tells them that the decryption key costs 1200 EUR. The payment has to be made in Bitcoins. As has already been mentioned, it is impossible to transfer money to cyber criminals because they have not left a Bitcoin address. Actually, you do not even need to send money to crooks to recover your files because it might be possible to get them back without the special key. In order to recover personal data, users must have copies of their files. These files can be easily transferred back to the computer after the removal of Angela Merkel Ransomware. Unfortunately, it is impossible to retrieve data if no backup of it exists. If you are not planning on paying money to cyber criminals and do not have a backup of your important files, you should use alternative data recovery tools or wait until software developers release a free decryptor.
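The recovery route described above depends on knowing which encrypted files still have a copy in a backup. The following Python script is an added example, not part of the original article: it lists files carrying the .angelamerkel extension under a profile folder and checks whether a backup holds the original. It assumes the backup mirrors the profile's folder layout; the function names and the sample files are constructed for illustration.

```python
"""Inventory files renamed with .angelamerkel and check a backup for the originals."""
import tempfile
from pathlib import Path

EXT = ".angelamerkel"  # extension the article says is appended to encrypted files


def triage(profile: Path, backup: Path) -> dict:
    """Split encrypted files under `profile` into those with and without a backup copy.

    Assumption: the backup mirrors the profile's folder layout, so the original
    of <profile>/Desktop/a.docx.angelamerkel is <backup>/Desktop/a.docx.
    """
    report = {"restorable": [], "no_backup": []}
    for path in sorted(profile.rglob("*")):
        # Compare case-insensitively: Windows file names are not case-sensitive.
        if not path.is_file() or path.suffix.lower() != EXT:
            continue
        # Drop only the appended extension to recover the original relative name.
        original = path.relative_to(profile).with_suffix("")
        key = "restorable" if (backup / original).is_file() else "no_backup"
        report[key].append(original.as_posix())
    return report


def demo() -> dict:
    """Run triage() on a constructed directory tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile, backup = Path(tmp, "profile"), Path(tmp, "backup")
        for rel in ("Desktop/report.docx" + EXT, "Pictures/2016/cat.jpg" + EXT.upper(),
                    "Documents/notes.txt" + EXT, "Documents/untouched.txt"):
            target = profile / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample")
        for rel in ("Desktop/report.docx", "Pictures/2016/cat.jpg"):
            target = backup / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed backup copy")
        return triage(profile, backup)


if __name__ == "__main__":
    result = demo()
    for state, names in result.items():
        print(f"{state}: {len(names)}")
        for name in names:
            print("   ", name)
```

On a real machine, call triage() with the user profile folder and the backup location; the script only reads the directory tree and changes nothing.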
A window opened by the ransomware infection can be easily closed by clicking X. Also, it is not as aggressive as other existing threats in the sense that it does not block system utilities, e.g. Task Manager and Registry Editor. In addition, it has been found that it does not create a point of execution on the infected computer. Finally, it does not place files on the infected computer and does not apply changes to the system registry. In other words, Angela Merkel Ransomware is not a very sophisticated infection.
Since Angela Merkel Ransomware is a new threat, there is not much information about its distribution. Even though it is unclear how it is spread, it is very likely that it is disseminated as an attachment in spam emails. If a user opens such an attachment, the ransomware infection immediately sneaks onto the computer and starts encrypting the user’s files. Of course, users do not know anything about that until they find out that it is impossible to access their files. Believe us, ransomware infections are very sneaky threats, so it is quite possible that you will encounter a similar file-encrypting ransomware infection again if you do nothing to protect your PC. According to specialists, it is possible to protect the computer from a ransomware attack by installing a reputable security application on the system, so you should do that as soon as possible.
Angela Merkel Ransomware needs to be removed immediately so that it can never launch on your computer and encrypt files again. It is possible to remove it manually; however, many users find it extremely hard to find the malicious file launched on the computer. In such a case, it is advisable to use an automatic malware remover, e.g. SpyHunter. An automatic tool will need a few seconds to find and delete the executable file.