AngleWare ransomware is a HiddenTear-based crypto virus that infects PCs, encrypts critical data and extorts money from the victims. It is a derivative of MafiaWare ransomware, which was first detected in January this year. The kidnapped files cannot be opened by any app installed on the infected machine. They also have the malicious extension .AngleWare appended to their original filenames. The crooks leave a message for the victims in a file called READ_ME.txt, which is dropped on the desktop. They demand the insane ransom of 3 BTC, which at this point equals $3102.03 USD.
With this article, we aim to help all victims of the AngleWare ransomware clean and secure their computers from the threat. Our advice is to avoid paying the ransom and to attempt to restore your corrupted files with alternative methods. Hopefully, a free working decryptor will be available soon.
Damage Caused by AngleWare Ransomware Infection
The infection process starts with the execution of the malicious AngleWare payloads that are dropped on your computer. Once the malicious executable file called AngleWare.exe is running on your system, it performs an in-depth scan of all computer drives. The scan looks for files whose extensions are on AngleWare’s target list. Whenever the threat finds a match, it encrypts the file with a strong encryption algorithm (AES). All encrypted files receive the suffix .AngleWare as an extension appended to their original filenames.
If you are a victim of the AngleWare ransomware, you may find out that all your MS Office files, documents, images, videos, music, archives and text files are encrypted, have the .AngleWare file virus extension and are inaccessible.
Next, AngleWare drops a file called READ_ME.txt on the desktop. The file is a ransom note left by the hackers. Through it, they press victims to pay a ransom of 3 BTC in exchange for the decryption software and the right decryption key.
Here is what the full ransom message reads:
Your files has been encrypted by AngleWare
Pay 3BTC to my bitcoin address 1NEcE8ffNZqAucBtp42a5YXMMUSLY7YfEP
And send the proof to my email [email protected]
Additional damage caused by the crypto virus includes Windows Registry modifications that make its presence on the computer more persistent.
Ransomware Intrusion Techniques
The most common social engineering trick used by the hackers is sending spam emails. The senders may impersonate legitimate sources like your bank, your electricity provider, a colleague or even a friend of yours. Always think twice before you act on emails that contain links, buttons, attachments or a combination of these components. Usually, the crooks skillfully corrupt these components by injecting the malware code into them, so once you grant them access to your browser or computer, the AngleWare ransomware infection also finds its way in.
Besides emails, social networks are yet another place where crooks may spread the malicious AngleWare payloads. The threat may be hidden in links with clickbait content, a video thumbnail or even a compromised file sent in a private message.
Remove Ransomware and Decrypt .AngleWare Virus Files
Even if you decide to pay the insane ransom, keep in mind that there is no guarantee that the extortionists will send you the right decryption key to restore the encrypted data.
For the sake of your security, it’s better to avoid any negotiations with the criminals. However, there is no doubt that you should remove AngleWare ransomware from the infected computer in order to continue using it normally. If you skip the removal step, the malicious payloads of AngleWare will run on your system each time you start the PC. Thus all of your new files that match AngleWare’s target list will also be encrypted. Below you can find a detailed removal guide and choose your way to remove the ransomware completely.
We also recommend that you make copies of all encrypted files and store them in a backup before you make any attempts to restore your data. That way you can keep them until a working decryption solution is available.
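The backup advice above as an added PowerShell example (not part of the original article): it copies every file with the .AngleWare extension to a separate drive, keeps the folder layout, and writes a SHA-256 manifest so each copy can be verified. The paths in `$SourceRoot` and `$BackupRoot` are assumptions; set them to your own profile folder and backup drive.

```powershell
# Added example: back up *.AngleWare files before any cleanup or recovery attempt.
# $SourceRoot and $BackupRoot are assumed example paths; adjust them.
param(
    [string]$SourceRoot = "$env:USERPROFILE",
    [string]$BackupRoot = 'E:\AngleWare-backup'   # assumed external drive
)

$ErrorActionPreference = 'Stop'
$SourceRoot = (Resolve-Path -LiteralPath $SourceRoot).Path.TrimEnd('\')
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# Folders that cannot be read are skipped instead of aborting the run.
$encrypted = Get-ChildItem -LiteralPath $SourceRoot -Recurse -File -Force `
                 -Filter '*.AngleWare' -ErrorAction SilentlyContinue |
             Where-Object { $_.Extension -eq '.AngleWare' }

$manifest = @(foreach ($file in $encrypted) {
    # Rebuild the original folder layout under the backup root.
    $relative = $file.FullName.Substring($SourceRoot.Length).TrimStart('\')
    $target   = Join-Path $BackupRoot $relative
    New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
    Copy-Item -LiteralPath $file.FullName -Destination $target -Force

    # Hash source and copy; a mismatch means the copy cannot be trusted.
    $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    [pscustomobject]@{
        Source   = $file.FullName
        Backup   = $target
        Bytes    = $file.Length
        SHA256   = $srcHash
        Verified = ($srcHash -eq $dstHash)
    }
})

$manifest | Export-Csv -Path (Join-Path $BackupRoot 'manifest.csv') -NoTypeInformation
$failed = @($manifest | Where-Object { -not $_.Verified })
"{0} encrypted files copied, {1} failed verification" -f $manifest.Count, $failed.Count
```

Disconnect the backup drive once the copy finishes, so the encrypted originals stay untouched while the ransomware is still being removed.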
Summary of AngleWare Ransomware
Name | AngleWare Ransomware
File Extension | .AngleWare
Ransom | 3 BTC ($3102.03 USD)
Easy Solution | You can skip all steps and remove AngleWare ransomware with the help of an anti-malware tool.
Manual Solution | AngleWare ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.
Distribution | Spam emails, malicious URLs, malicious attachments, exploit kits, freeware.
AngleWare Ransomware Removal
STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the ransomware so they can be removed efficiently.
1) Hit WIN Key + R
2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box will appear. In it, choose the tab named “Boot”
4) Mark the “Safe Boot” option and then tick “Network” under it
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
1) Open My Computer/This PC
2) Windows 7
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/10
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Go to “Processes”
3) When you find a suspicious process, right-click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right-click on it again and choose “End Process”
5) Next, go to the folder where the malicious file is located and delete it
STEP IV: Completely Remove AngleWare Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
1) Press the Windows Button + R key combination again
2) In the box, write “regedit” (without the inverted commas) and hit Enter
3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
4) If you discover registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
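Steps III and V as an added PowerShell example (not part of the original article): a read-only check that lists running processes and autostart registry values mentioning the name given on this page, then prints the cleanup commands for review instead of running them. The Run/RunOnce keys are the standard Windows autostart locations; that this ransomware uses them is an assumption.

```powershell
# Added example: read-only triage for Steps III and V.
# The name comes from the page (AngleWare.exe); the key list is an assumption.
$needle = 'AngleWare'

# Step III: running processes whose name or image path mentions the name.
$procs = @(Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -like "*$needle*" -or $_.ExecutablePath -like "*$needle*" } |
    Select-Object ProcessId, Name, ExecutablePath)

# Step V: standard Windows autostart keys, per machine and per user.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
) | Where-Object { Test-Path -LiteralPath $_ }

$hits = @(foreach ($keyPath in $autostartKeys) {
    $key = Get-Item -LiteralPath $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        # Match on either the value name or the command line it launches.
        $data = [string]$key.GetValue($valueName)
        if ($valueName -like "*$needle*" -or $data -like "*$needle*") {
            [pscustomobject]@{ Key = $keyPath; Value = $valueName; Data = $data }
        }
    }
})

$procs | Format-Table -AutoSize
$hits  | Format-List

# Print, but do not run, the cleanup commands so each one can be reviewed.
foreach ($p in $procs) { "Stop-Process -Id $($p.ProcessId) -Force" }
foreach ($h in $hits) {
    "Remove-ItemProperty -LiteralPath '$($h.Key)' -Name '$($h.Value)'"
}
```

Matching on the name alone misses a copy that was renamed, so an empty result does not prove the machine is clean.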
STEP VI: Recover Encrypted Files
1) Use present backups
2) Use professional data recovery software
– Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
3) Using System Restore Point
– Hit WIN Key
– Select “Open System Restore” and follow the steps
4) Restore your personal files using File History
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
– Hit the “Restore” button
STEP VII: Preventive Security Measures
1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Back up your data regularly.