Angleware Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 583
Category: Trojans

Angleware Ransomware is a ransomware-type computer infection that was first seen on 22 March 2017. It is part of the Hidden Tear ransomware family and is written in the .Net framework code. It is highly dangerous and you should remove it if your PC were to become infected with it. Our research has shown that this particular application is capable of encrypting your personal files and then demanding that you pay a ransom for the decryption tool that will decrypt them. You should not expect the cyber criminals to keep their word as they are interested in taking your money — not giving you access to your files.

At the time of this article, we do not know how this particular ransomware is distributed. However, we have a hunch that it might be distributed in malicious email spam as previous Hidden Tear-based ransomware did. Hence, Angleware Ransomware is in some ways similar to Redants Ransomware, CryptoKill Ransomware, and Korean Ransomware. Our analysis has shown that it was coded in .Net framework. Its architecture is AnyCPU (32-bit preferred) and it uses the .NET 4.0 Runtime. Now, as far as its distribution methods are concerned, we believe that this particular ransomware might be distributed in malicious emails that are obviously disguised as legitimate and can look like tax return forms, receipts, invoices, and so on. The emails should feature this ransomware’s main file as an attachment. The attached file might be a zipped file archive that contains the main executable which might be named mafiaware.exe or AngleWare.exe. Depending on where you open it or extract it, the executable can end up in Temp, Downloads folders or even on the desktop.

If this ransomware manages to get onto your computer, then you are in trouble because it will begin scanning it for encyptable files and then go to work. Our research has shown that it can encrypt file extensions that include but are not limited to ".exe", ".txt", ".doc", ".docx", ".xls", ".xlsx", and ".ppt." This program can encrypt dozens of file extensions and deny you access to the files as a result. Angleware Ransomware was configured to use the AES-256 encryption key with a 256-bit key size and 128-bit block size. Its encryption is rater strong and there is currently no free decryption tool. While encrypting your files, this program will append them with the Angleware Ransomware file extension. Once the encryption is complete, this ransomware is set to open tcp 49488, 49495- 49496 ports on your PC. Then, it sends information such as your PC name, user name, and password, to using an HTTP protocol (Port 80) with GET parameters.

Then, this ransomware drops a ransom note READ_ME.txt. The note provides you with information on how to pay the ransom. It features to Bitcoin wallet address to which you have to send the payment as well as to how to buy Bitcoins. This particular ransomware wants you to pay 3 BTC (3090 USD) which is a significant sum of money which might not be worth your files.

If you want to remove Angleware Ransomware, then you can do it manually or get an antimalware program. We recommend using our featured program — SpyHunter which is more than capable of deleting this ransomware as well as protecting your PC from future infections. However, if you want to get rid of it manually, you can and can follow the guide below to remove it.

Removal Guide

  1. Press Windows+E keys.
  2. In the address box enter the following file paths and press Enter.
    • C:\Windows\Temp
    • C:\Users\{User name}\Downloads
    • C:\Users\{User name}\Desktop
  3. Locate mafiaware.exe or AngleWare.exe
  4. Right-click it and click Delete.
  5. Empty the Recycle Bin.
Download Remover for Angleware Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Angleware Ransomware Screenshots:

Angleware Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *