Angry Duck Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 1,954
First Seen: October 24, 2016
Last Seen: February 5, 2023
OS(es) Affected: Windows
The Angry Duck Ransomware is a ransomware Trojan that has some odd quirks in its ransom note. These oddities make it apparent that the Angry Duck Ransomware was created by amateurs who may be using a ransomware toolkit or RaaS (Ransomware as a Service) utility to create their attacks. Like most ransomware Trojans, the Angry Duck Ransomware encrypts the victim's files and then demands a payment in BitCoins to restore access to them. The Angry Duck Ransomware affects computers running the Windows operating system and can spread in a variety of ways. It may be delivered through corrupted email attachments, often in the form of corrupted Microsoft Office or PDF files. Apart from corrupted email and social media messages, the Angry Duck Ransomware may also spread through corrupted online advertising or by attackers hacking into the victim's computer directly. Computer users can minimize the probability of an Angry Duck Ransomware infection by using a reliable security application that is fully up-to-date and by avoiding unsolicited email attachments.
There are Some Odd Quirks in the Angry Duck Ransomware's Attack
The Angry Duck Ransomware attack is rudimentary when compared to some of the most threatening ransomware Trojans in the wild. However, the Angry Duck Ransomware does carry out an attack that is effective. Rather than encrypting the entirety of the victim's files, the Angry Duck Ransomware encrypts the file header of commonly used file types. An analysis of the files affected by the Angry Duck Ransomware revealed that it inserts the following message into the affected file headers, followed by randomly selected characters:
**** THIS FILE HAS BEEN ENCRYPTED BY ANGRYDUCK ****
Files encrypted by the Angry Duck Ransomware have their extension changed to ADK. Unlike other, more harmful ransomware, the Angry Duck Ransomware is not capable of encrypting data located on external memory drives, removable media, or network drives. The Angry Duck Ransomware targets the following file types:
.3GP, .7Z, .AVI, .BMP, .CSV, .DJVU, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .RTF, .TIFF, .TIF, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML.
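The two indicators described above (the ADK extension and the header marker) can be used to scope which files were touched before restoring from backups. The following triage scanner is an added example, not code from this page or from EnigmaSoft; the function names, the 4096-byte header window and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# The marker string and the ADK extension are quoted from this page.
MARKER = b"**** THIS FILE HAS BEEN ENCRYPTED BY ANGRYDUCK ****"
EXTENSION = ".adk"
HEADER_BYTES = 4096  # assumption: how much of each file is treated as header

def classify(path):
    """Return the set of indicators ('extension', 'marker') a file matches."""
    hits = set()
    if path.lower().endswith(EXTENSION):
        hits.add("extension")
    try:
        with open(path, "rb") as fh:
            if MARKER in fh.read(HEADER_BYTES):
                hits.add("marker")
    except OSError:
        pass  # unreadable or locked file: judge it on the name only
    return hits

def scan(root):
    """Walk root and return {relative_path: indicators} for matching files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hits = classify(full)
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings

def build_sample_tree(root):
    """Constructed sample data: clean, marked, extension-only, marker-only."""
    samples = {
        "report.txt": b"quarterly numbers\n",
        "photo.jpg.adk": MARKER + b"x9Qz" + b"\xff\xd8rest-of-file",
        "notes.ADK": b"unrelated file that only shares the extension",
        "moved.pdf": b"\x00" * 8 + MARKER + b"k2Lp",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, hits in sorted(scan(tmp).items()):
            print(f"{rel}: {', '.join(sorted(hits))}")
```

A file matching both indicators is a confirmed hit; an extension-only match needs manual review, and a marker-only match points to an affected file that was renamed afterwards.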
The Angry Duck Ransomware will change the victim's Desktop image, replacing it with a picture of a duck. This picture will include the following ransom demand:
'*** the Angry Duck ***
All your important files
have been encrypted using string
cryptography
(AES-512 with RSA-64
FIPS grade encryption)
To recover your files,
send 10 BTC to my wallet.
DON"T MESS WITH
THE DUCKS'
There are several things about this message that do not make sense. The types of encryption it names, for example, are somewhat ridiculous. AES-512 does not exist at all. RSA-64 would be an extremely simple encryption method that would be useless in these attacks. One additional puzzling detail of the Angry Duck Ransomware ransom message is the demand for 10 BitCoins. That would be nearly $7000 USD as a ransom! For comparison, most ransomware Trojans demand payments of 0.5 to 1.5 BitCoin (between $300 USD and $900 USD).
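To show why "RSA-64" would be useless, the added example below (not from this page and not taken from the malware) reads the label as a 64-bit RSA modulus, which is an assumption, and recovers the private exponent from the public key alone using Pollard's rho factoring. The key, the sample value and all function names are constructed for illustration.

```python
import math

# Constructed key: two known 32-bit primes give a 64-bit modulus, which is
# what "RSA-64" would mean if read as a key size (an assumption).
P, Q = 2**32 - 5, 2**32 - 17
N, E = P * Q, 65537

def pollard_rho(n):
    """Return a non-trivial factor of an odd composite n (Floyd cycle search)."""
    for c in range(1, 64):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means retry with another c
            return d
    raise ValueError("no factor found")

def recover_private_exponent(n, e):
    """Rebuild the private exponent from the public key by factoring n."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    """Encrypt with the public key, decrypt with the recovered private key."""
    secret = 0x4455434B  # constructed sample value, smaller than N
    ciphertext = pow(secret, E, N)
    d = recover_private_exponent(N, E)
    return pow(ciphertext, d, N) == secret

if __name__ == "__main__":
    print("recovered plaintext matches:", demo())
```

The factoring step needs on the order of 2^16 iterations for a modulus of this size, so it finishes in well under a second on ordinary hardware.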
Dealing with the Angry Duck Ransomware
PC security analysts strongly advise computer users against paying the Angry Duck Ransomware's absurd ransom amount. Apart from the fact that it is unreasonably high, there is no guarantee that the con artists responsible for the Angry Duck Ransomware attack will deliver the decryption key. It is also likely that the Angry Duck Ransomware encryption is weak enough to allow computer users to recover their data using alternate methods. Computer users are advised to check whether the affected files can be recovered from the Shadow Volume Copies. Backups can be used to restore the affected files, and a decryption utility may be available from PC security analysts in a relatively short time since the Angry Duck Ransomware does not perform a full encryption of targeted files.