Ako Ransomware

The Ako Ransomware was one of the most active ransomware threats at the end of 2019. This data -encrypting Trojan is a variant of the Medusa Ransomware. Malware experts work hard to publish free decryption tools for victims of ransomware. However, they have not been able to build one compatible with the Ako Ransomware yet.

Propagation and Encryption

So far, it is not clear what is the infection vector used for the propagation of the Ako Ransomware. Authors of ransomware threats tend to rely on spam email campaigns to distribute their nasty Trojans. Usually, this would involve emails that contain a fake message designed with the help of various social engineering techniques. Also, the emails in question would contain a corrupted attachment that is masked to look like a harmless document or another seemingly innocent file. Other commonly used distribution methods include bogus application updates, malvertisement campaigns, fake pirated variants of popular media or software, etc. When the Ako Ransomware infects a computer, it will make sure to sniff out and begin encrypting a very long list of file types. This ensures maximum damage as all images, audio files, videos, documents, databases, spreadsheets, archives, presentations, and other popular file types will be locked with the help of an encryption algorithm. The Ako Ransomware changes the names of the affected files. This data-encrypting Trojan generates a unique victim ID for each compromised user and appends it as an extra extension after the encryption process has been completed. The victim ID would consist of a six-symbol string containing both letters and numbers. For example, the threat may generate a ‘.WgR13c’ extension. This means that a file named ‘loud-cat.mp3’ originally will be renamed to ‘loud-cat.mp3.WgR13c.’ Every folder, which contains encrypted data, will have an additional file dropped to it - ‘id.key.’

The Ransom Note

The Ako Ransomware will drop a ransom message for the victim in a file named ‘ako-readme.txt.’ In the ransom message, the attackers claim that they demand between 0.3 Bitcoin (about $2,400 at the time of the creation of this article) and 0.9 Bitcoin (about $7,200), depending on the victim. Malware experts are yet to determine how the ransom fee is calculated. The authors of the Ako Ransomware urge the user to download and install the Tor Web browser to visit the page they have linked, which will process the payment required.

We would advise you strongly against cooperating with cybercriminals as this rarely ends well. You are likely to be tricked, and despite the promises of a decryption tool from the attackers, such shady individuals rarely deliver it. This is why you should consider installing a reputable anti-virus software suite that will rid you of the Ako Ransomware swiftly and keep you secure in the future.


Our server windows 2008 server was hit with AKO ransomware. Can you help? Do you have decryption software? Please advise. Thanks, Paul Holm

Unfortunately, there is no software available from anyone that can decrypt the files. However, SpyHunter is able to safely detect and remove AKO Ransomware, which will stop the encryption process from taking place in the future as long as the PC is infection-free. You may utilize SpyHunter to detect any other malware threats and have them removed automatically.

Related Posts


Most Viewed