Angus Ransomware

Angus Ransomware Description

Ransomware threats are claiming more and more victims on a daily basis. This malware type has become one of the most popular ways for cybercriminals to generate some cash. The fact that the cyber crooks can just borrow readily available code and only alter it slightly adds to the appeal of ransomware as it does not require one to be highly skilled in the field of tech to make some quick money.

Propagation and Encryption

Recently, cybersecurity researchers uncovered a new file-locking Trojan called the Angus Ransomware. Upon studying the Angus Ransomware, experts concluded that it is a variant of the ZeroPadypt Ransomware. Emails containing macro-laced attachments, bogus application updates, and fake pirated variants of popular applications may be among the infection vectors employed by the creators of the Angus Ransomware. If the Angus Ransomware is successful in compromising a system, it will waste no time and run a brief scan, which is meant to determine the locations of the files, which are considered to be of interest. Most ransomware threats target a very wide range of file types to ensure that enough damage is done so that the victim will consider paying the ransom fee. Files such as .mp3, .jpeg, .doc, .ppt, .mov, .mp4, .png, .docx, .jpg and .pptx will almost always be targeted by file-locking Trojans as most users are likely to have them present on their systems. When the Angus Ransomware encrypts a file, it also adds a new extension to it '.Email=[Legion.developers72@gmail.com]ID=[].Angus.' This means that an image, which was called 'golden-pits.jpeg' previously will be renamed to 'golden-pits.jpeg.Email=[Legion.developers72@gmail.com]ID=[]. Angus' after the encryption process is through.

The Ransom Note

In the next step of the attack, the Angus Ransomware drops its ransom note. The note's name is 'HowToDecrypt.txt,' and it reads:

’Your Files Have Been Encrypted

If You Need Your Files You Should Pay Decryption Price

The Steps For Getting Decryption Tool :

1-Send Id On The Files Or HowtoDecrypt.txt Files to Our Email

2-Send 1MB File For Getting Decryption Test to Make Sure You Can Get Your Files Back With Us(The Test File Should Not Contain Valuable Data Like Databases Excel Sheets or Backups)

3- Pay Decryption Price ( Payment Should Be With Bitcoin )

4- Get Decryption Tool With Key

Attention:

Using 3rd Party Applications or Recovery Tools May Damage Your Files permanetly

Your ID :0H1Khr79qvNDB4M
Our Email: Legion.developers72@gmail.com.’

The attackers fail to mention a specific ransom fee, but they state that the user is required to contact them via email ‘Legion.developers72@gmail.com.' Despite not specifying the sum required, the authors of the Angus Ransomware make it very clear that the fee will be demanded in the shape of Bitcoin.

We advise you strongly to resist any urge to contact the cybercriminals responsible for the Angus Ransomware. It is never a good idea to pay cyber crooks not only because your money will only encourage their criminal activities but also because they often do not keep their promises and will likely end up never sending you the decryption key promised. Since the Angus Ransomware is a variant of the ZeroPadypt Ransomware, it may be decryptable using a publicly available decryption tool so that this is something worth exploring definitely. Furthermore, to ensure you do not end up in a similar situation in the future, make sure you download and an anti-spyware security tool.

Do You Suspect Your PC May Be Infected with Angus Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Angus Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.