
Angry Duck Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1,954
First Seen: October 24, 2016
Last Seen: February 5, 2023
OS(es) Affected: Windows

The Angry Duck Ransomware is a ransomware Trojan that has some odd quirks in its ransom note. These oddities make it apparent that the Angry Duck Ransomware was created by amateurs who may be using a ransomware toolkit or RaaS (Ransomware as a Service) utility to create their attacks. The Angry Duck Ransomware is similar to most ransomware Trojans in that it encrypts the victim's files and then demands that the victim make a payment in BitCoins to recover access to the affected files. The Angry Duck Ransomware may be spread through corrupted email attachments, often in the form of corrupted Microsoft Office or PDF files. The Angry Duck Ransomware affects computers using the Windows operating system and can spread in a variety of ways. Apart from corrupted email and social media messages, the Angry Duck Ransomware may also spread through corrupted online advertising or through attackers hacking into the victim's computer directly. Computer users can minimize the probability of an Angry Duck Ransomware infection by using a reliable security application that is fully up-to-date and by avoiding unsolicited email attachments.

There are Some Odd Quirks in the Angry Duck Ransomware's Attack

The Angry Duck Ransomware attack is rudimentary when compared to some of the most threatening ransomware Trojans in the wild. However, the Angry Duck Ransomware does carry out an attack that is effective. Rather than encrypting the entirety of the victim's files, the Angry Duck Ransomware will encrypt the file header on commonly used file types. An analysis of the files affected by the Angry Duck Ransomware revealed that the Angry Duck Ransomware inserts the following message into the affected file headers, followed by randomly selected characters:

**** THIS FILE HAS BEEN ENCRYPTED BY ANGRYDUCK ****

The files encrypted by the Angry Duck Ransomware will have their extension changed to ADK by the Angry Duck Ransomware. The Angry Duck Ransomware is not capable of encrypting data located on external memory drives, removable media, or network drives, unlike other, more harmful ransomware. The Angry Duck Ransomware targets the following file types:

.3GP, .7Z, .AVI, .BMP, .CSV, .DJVU, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .RTF, .TIFF, .TIF, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML.
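
A triage sketch built on the two indicators described above, the ADK extension and the message written into the file header. It is an added example, not code from the original article or from any vendor tool; the 4096-byte read window, the function names and the sample files are assumptions constructed for the demo.

```python
import os
import tempfile

# Marker as quoted on this page, without the asterisks around it.
MARKER = b"THIS FILE HAS BEEN ENCRYPTED BY ANGRYDUCK"
EXTENSION = ".adk"    # the page says affected files get the ADK extension
HEADER_BYTES = 4096   # assumption: the page gives no offset for the marker

def classify(path):
    """Return 'confirmed', 'marker_only', 'extension_only', 'unreadable' or None."""
    has_ext = path.lower().endswith(EXTENSION)
    try:
        with open(path, "rb") as fh:
            has_marker = MARKER in fh.read(HEADER_BYTES)
    except OSError:
        return "unreadable" if has_ext else None  # report, do not skip silently
    if has_marker:
        return "confirmed" if has_ext else "marker_only"  # marker_only: renamed back
    return "extension_only" if has_ext else None  # another program's .adk file

def scan(root):
    """Walk root and map each flagged file's relative path to its class."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Scan a constructed sample tree (no real samples involved)."""
    header = b"**** " + MARKER + b" ****" + os.urandom(32)
    samples = {
        "report.adk": header + b"rest of document",      # marker + extension
        "photo.jpg": header + b"rest of image",          # extension renamed back
        "notes.ADK": b"unrelated data in an .adk file",  # extension collision
        "clean.txt": b"ordinary text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:15} {rel}")
```

Separating "confirmed" from "extension_only" keeps unrelated files that happen to use an .adk extension out of the restore list.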

The Angry Duck Ransomware will change the victim's Desktop image, replacing it with a picture of a duck. This picture will include the following ransom demand:

'*** the Angry Duck ***
All your important files
have been encrypted using string
cryptography
(AES-512 with RSA-64
FIPS grade encryption)
To recover your files,
send 10 BTC to my wallet.
DON"T MESS WITH
THE DUCKS'

There are several things about this message that do not make sense. The types of encryption used, for example, are somewhat ridiculous. AES-512 does not exist at all. RSA-64 would be an extremely simple encryption method that would be useless in these attacks. One additional puzzling detail of the Angry Duck Ransomware ransom message is the demand for 10 BitCoins. That would be near $7000 USD as a ransom! For comparison, most ransomware Trojans demand payments of 0.5 to 1.5 BitCoin (between $300 USD and $900 USD).

Dealing with the Angry Duck Ransomware

PC security analysts strongly advise computer users against paying the Angry Duck Ransomware's absurd ransom amount. Apart from the fact that it is unreasonably high, there is no guarantee that the con artists responsible for the Angry Duck Ransomware attack will deliver the decryption key. It is also likely that the Angry Duck Ransomware encryption is weak enough to allow computer users to recover their data using alternate methods. Computer users are advised to check whether the affected files can be recovered from the Shadow Volume Copies. Backups can be used to restore the affected files, and a decryption utility may be available from PC security analysts in a relatively short time since the Angry Duck Ransomware does not perform a full encryption of targeted files.
