ATLAS Ransomware

ATLAS Ransomware Description

The ATLAS Ransomware is a ransomware Trojan that seems to be a variant of the CHIP ransomware, which was first observed in November 2016. The ATLAS Ransomware receives its name because it marks files encrypted during its attack with the file extension '.ATLAS.' The ATLAS Ransomware was first observed on April 18, 2017, and seems to be distributed in a way typical of many ransomware Trojans: spam email messages delivering corrupted attachments, in the form of text documents that use corrupted scripts to download and install the ATLAS Ransomware on the victim's computer. Ransomware Trojans like the ATLAS Ransomware are designed to take the victim's files hostage in exchange for a ransom payment. They do this by using a strong encryption algorithm to make the files inaccessible completely, then demanding the payment of a ransom by displaying a ransom note on the infected computer.

How the ATLAS Ransomware Infection Works

The ATLAS Ransomware may be delivered through email tactics. Once the ATLAS Ransomware enters a computer, it will check whether there is a virtual environment or debugger used by PC security researchers to study these threats. The ATLAS Ransomware will scan the victim's files, searching for certain types of files (generally user generated) to encrypt in its attack. The ATLAS Ransomware uses a combination of the RSA and AES encryptions to make the victim's files inaccessible completely, in a way similar to most ransomware Trojans active today. The ATLAS Ransomware communicates with its Command and Control servers located on the TOR network, relaying information about the infected computer and the attack itself, as well as receiving configuration information. The ATLAS Ransomware will encrypt numerous file types, including the following:

.pdf, .xls, .xlsx, .bmp, .doc, .docm, .docx, .html, .jpeg, .jpg, .mp3, .mp4, .php, .ppt, .pptx, .rar, .rtf, .sql, .tiff, .txt, .7z, .zip.

The files that have been encrypted by the ATLAS Ransomware can be recognized because the ATLAS Ransomware will add the file extension '.ATLAS' to the end of each affected file's name. The ATLAS Ransomware also will delete the Shadow Volume Copies and System Restore points, both of which can sometimes be used by computer users to recover from these attacks. The ATLAS Ransomware delivers its ransom note in a text file named 'ATLAS_FILES.txt.' The text of the ransom note used by the ATLAS Ransomware in its attack reads:

'YOUR ID:[34 RANDOM CHARACTERS]
Hello! All Your files are encrypted!
For more specific instructions, please contact us as soon as possible:
atlashelp@protonmail.com
atlasfix@protonmail.com
atlasfix@dr.com
Attention: DO NOT USE ANY PUBLIC DECRYPTERS!
YOU CAN DAMAGE YOUR FILES!
Kind regards, Support Team.
YOUR ID:[34 RANDOM CHARACTERS]'

Dealing with an ATLAS Ransomware Infection

Victims of the ATLAS Ransomware attack are asked to contact the con artists using the email addresses in the ATLAS Ransomware ransom note.They will demand the payment of 0.5 BitCoin (approximately $600 USD) in exchange for the decryption tool. However, paying the ransom amount may not be a solution. The people responsible for these attacks will rarely follow through on their promise of decrypting the victims' files, and may even ask for more money or re-encrypt the victim's files after the attack. Most importantly, paying the ATLAS Ransomware ransom allows these people to continue developing these ransomware Trojans and carrying out more attacks.

The best way to annihilate these attacks is to remove the ATLAS Ransomware infection with a security program and then to replace the affected files with backup copies. Because of this, having file backups is the best protection against the ATLAS Ransomware and most other ransomware Trojans. If computer users can get back their files from the backup source, then the con artists can no longer demand a ransom payment from the victim. It is also important to learn how to spot email tactics and corrupted email attachments since these are such a common way of spreading the ATLAS Ransomware and similar ransomware to computer users.

Infected with ATLAS Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect ATLAS Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 5 + 13 ?