APT Ransomware was created using the open-source ransomware project called “HiddenTear,” just like GhostCrypt Ransomware, 8lock8 Ransomware, and other well-known threats. At the time of research, this ransomware is spread via spam emails, but it is possible that different methods of distribution will be employed in the future. Remember that malware creators can update their products and release new versions, which is why it can be difficult to predict the distribution. Overall, right now, you need to be particularly careful about spam emails. If you open them or their attachments, you might unleash the ransomware without even realizing it. Unfortunately, once the threat is executed, it immediately encrypts your personal files, and it is impossible to reverse the situation afterward. Even if you pay the ransom that is requested, it is almost guaranteed that your files will remain encrypted. As you might have figured out by now, you will not get your files back by deleting APT Ransomware either.
While the malicious APT Ransomware is encrypting your files, other things happen. The infection can call the “vssadmin delete shadows /all” command to delete your Volume Shadow Copies that are created when a restore point is set up. Simultaneously, the threat creates a file called Decrypt_Your_Files.html. This file is placed in every folder that contains corrupted files. You can identify the corrupted files by the “.dll” extension attached to them. The HTML file opens a page that reveals the demands of cyber criminals. First, you see a big red sign that says “WARNING,” and that is bound to catch your attention. The message proceeds to inform you that your files were stolen and that they would be sold to the so-called “black market” if you failed to pay a ransom in the next 5 days. An additional warning suggests that your files would be removed if you failed to obey these demands. The intimidating message includes your ID, as well as a Bitcoin address to which you are expected to transfer the payment of 1 Bitcoin. This amount, at this time, converts to $635 or €572, but the conversion rates change very quickly.
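The two indicators described above, the Decrypt_Your_Files.html note and the “.dll” extension, can be used to list the folders and files that were affected. The following Python script is an added example and is not part of the original article; the “MZ” header check that separates genuine libraries from corrupted files, and the sample folder and file names, are assumptions.

```python
import os
import tempfile

NOTE_NAME = "Decrypt_Your_Files.html"  # ransom note name given in the article
LOCKED_EXT = ".dll"                    # extension attached to corrupted files

def is_real_pe(path):
    """Assumed heuristic: a genuine DLL starts with the 'MZ' DOS header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files stay on the suspect list

def find_affected(root):
    """Map each folder holding the ransom note to its suspect .dll files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if NOTE_NAME.lower() not in (f.lower() for f in files):
            continue
        report[folder] = sorted(
            f for f in files
            if f.lower().endswith(LOCKED_EXT)
            and not is_real_pe(os.path.join(folder, f))
        )
    return report

def build_sample(root):
    """Create a constructed sample tree (harmless placeholder bytes only)."""
    samples = {
        ("Documents", NOTE_NAME): b"<html>WARNING</html>",
        ("Documents", "report.docx.dll"): b"\x8f\x13\xa7\x02 constructed",
        ("Documents", "helper.dll"): b"MZ\x90\x00 constructed",
        ("Clean", "notes.txt"): b"untouched",
    }
    for (sub, name), data in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, names in find_affected(tmp).items():
            print(folder, "->", names)
```

To check a real profile, call `find_affected` with the path of the folder you want to inspect; the script only reads files and changes nothing.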
Needless to say, the creator of APT Ransomware expects you to pay the ransom, and it is very likely that many victims will obey the demand very quickly. It is most likely that less experienced users and those who do not have their files backed up will surrender first. Hopefully, you have not paid the ransom yet because, according to our research, it is unlikely that your files would be restored even if your transaction was successful. It was discovered that APT Ransomware does not create a private key, which is what should initiate the decryption. It is possible that this is just a temporary flaw that will be fixed, but it is also possible that cyber criminals have no intention of decrypting your files. After all, they care only about your money, and it is not surprising that they do not keep their promises to decrypt your files. Also, keep in mind that once you give your money to cyber criminals, you will not be able to get it back. Of course, even if your files were decrypted, you must not forget to delete the ransomware.
Are you ready to remove APT Ransomware from your operating system? Hopefully, you are, because there is no time to waste when this threat appears. Our researchers strongly recommend utilizing automated malware removal software because it can quickly erase all threats and keep your Windows operating system malware-free in the future. Considering that ransomware has managed to slither in, it is clear that your operating system is very vulnerable, and that means that other threats could be active at the same time. Obviously, if that is the case, and you decide to perform manual removal, you will have a lot of work. Identifying and erasing malware is not always easy, which is exactly why we support the automatic removal option. If you are sure you want to take care of malware yourself, make sure that you erase the right file representing the malicious APT Ransomware executable.