Apocalypse Ransomware

By GoldSparrow in Ransomware

The Apocalypse Ransomware is a ransomware Trojan that is used to force computer users to pay large amounts of money. It takes the victim's files hostage by encrypting them and then asks for the payment of a ransom to get the key that will decrypt the files. Files encrypted by the Apocalypse Ransomware will have the extension '.ENCRYPTED'. The people responsible for the Apocalypse Ransomware demand that computer users contact decryptionservice@mail.ru for details on how to pay the ransom. Fortunately, there is currently a decryption utility available to help computer users affected by the Apocalypse Ransomware threat.

Recovering from an Apocalypse Ransomware Attack

The Apocalypse Ransomware displays a lock screen containing the ransom note when Windows starts up. Because of this, it is necessary to start up the infected computer in Safe Mode before attempting to remove the Apocalypse Ransomware infection. To stop the Apocalypse Ransomware from loading automatically, run MSConfig and remove the entry 'Windows Update Svc'. Once this is done, PC security analysts advise that computer users download the Apocalypse Ransomware decryption utility, provided by threat researchers, then run the application and follow the instructions to decrypt the files. The Apocalypse Ransomware infection itself should be removed to prevent the files from being encrypted again. To do this, PC security researchers advise the use of a reliable security program that is fully up to date.

The File Extensions Targeted by the Apocalypse Ransomware

When the Apocalypse Ransomware enters a computer, it stores its executable file, 'windowsupdate.exe', in the program files folder. The Apocalypse Ransomware creates an AutoRun entry called 'Windows Update Svc', which runs automatically when Windows starts up. The purpose of this program is to encrypt all files except those located in the Windows folder and those that have the following extensions (so that the affected computer will still start up and run):

.dat, .bat, .bin, .encrypted, .ini, .tmp, .lnk, .com, .msi, .sys, .dll, .exe.

Every time the Apocalypse Ransomware encrypts a file, it adds the extension '.ENCRYPTED' to the encrypted file and drops a ransom note in the form of a text file named How_To_Decrypt.txt, with the name of the encrypted file added to the name of the ransom note. After it has finished encrypting the victim's files, the Apocalypse Ransomware displays a lock screen that prevents computer users from accessing their computer. The ransom note and lock screen display the following message:

IF YOU ARE READING THIS MESSAGE, ALL THE FILES IN THIS COMPUTER HAVE BEEN CRYPTED!!
documents, pictures, videos, audio, backups, etc
IF YOU WANT TO RECOVER YOUR DATA, CONTACT THE EMAIL BELOW.
EMAIL: decryptionservice@mail.ru
WE WILL PROVIDE DECRYPTION SOFTWARE TO RECOVER YOUR FILES.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IF YOU DONT CONTACT BEFORE 72 HOURS, ALL DATA WILL BE LOST FOREVER
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

The following is a different ransom note that has also been associated with the Apocalypse Ransomware:

Attention!
All your data was Encrypted!
If you wanna get it back contact via email:
decryptservice@inbox.ru
Your Personal ID: XXXXXXXX
WARNING: If you don't contact next 72 hours, then all DATA will be damaged unrecoverably!!!
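
The on-disk indicators described in this section can be inventoried before running the decryption utility or restoring from backup. The following Python script is an added example, not code from the original article or from any vendor tool; the sample directory tree, the exact form of the ransom-note file name and the function names are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
ENC_SUFFIX = ".encrypted"
NOTE_MARKER = "how_to_decrypt.txt"
DROPPER_NAME = "windowsupdate.exe"
SKIPPED_EXTS = {".dat", ".bat", ".bin", ".encrypted", ".ini", ".tmp",
                ".lnk", ".com", ".msi", ".sys", ".dll", ".exe"}


def triage(root):
    """Walk root and classify files by the on-disk indicators listed above."""
    report = {"encrypted": [], "notes": [], "dropper": [], "untouched": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == DROPPER_NAME:
                report["dropper"].append(path)
            elif NOTE_MARKER in lower:
                # Assumption: the note name contains How_To_Decrypt.txt somewhere.
                report["notes"].append(path)
            elif lower.endswith(ENC_SUFFIX):
                # The original name is recovered by dropping the appended extension.
                report["encrypted"].append((path, name[:-len(ENC_SUFFIX)]))
            elif path.suffix.lower() not in SKIPPED_EXTS:
                # Not on the skip list and not encrypted: created later or missed.
                report["untouched"].append(path)
    return report


def build_sample(root):
    """Create a constructed directory tree that mimics an affected data folder."""
    for rel in ("docs/report.docx.encrypted", "docs/report.docx.How_To_Decrypt.txt",
                "pics/cat.jpg.ENCRYPTED", "pics/desktop.ini", "docs/new_note.txt",
                "Program Files/windowsupdate.exe"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, items in triage(tmp).items():
            print(f"{kind}: {len(items)}")
```

The "encrypted" list pairs each affected path with its original file name, which is the list to check against backups; a legitimate file that happens to be named windowsupdate.exe would also land in "dropper", so that entry needs manual review.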

Preventing the Apocalypse Ransomware Attacks

As with most encryption ransomware Trojans, the best way of dealing with the Apocalypse Ransomware is through preventive measures. Malware analysts advise computer users to use a reliable security program that is fully up to date to protect their computers from threats. Unsolicited email attachments should be ignored or researched before being opened. The best way to prevent these attacks, however, is to always back up all files on an external device. Although there is currently a decryption utility available for the Apocalypse Ransomware, most of the time the files encrypted by ransomware Trojans like the Apocalypse Ransomware cannot be decrypted without the proper key. If computer users have a backup of the files, then it is not necessary to recover the encrypted files, since it is simply a matter of restoring them from the backup.

File System Details

Apocalypse Ransomware may create the following file(s):
#    File Name    MD5                                 Detections
1.   file.exe     c4e09e15d026ea1e1a4a75a506e6de47    0
