Skip to content
Published 22 June 2016

You’re victim of ransomware called ApocalypseVM, How to decrypt your files? AV company Emsisoft has added yet another ransomware decrypter tool to its stable: a decrypter for ApocalypseVM.

Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. The cryptovirology form of the attack has ransomware systematicallyencrypt files on the system’s hard drive, which becomes difficult or impossible to decrypt without paying the ransom for the decryption key. Other attacks may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate file.

The tool works on the latest versions of the ransomware in question.

ApocalypseVM decrypter

“To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable,” the company explains.

The tool compares the two files and, if it can, comes up with the key required to decrypt the files.

The victim can then decide to use it on one, some, or all encrypted files. The tool selects the C: partition of the disk by default, but victims can choose other partitions or files to be decrypted.

Emsisoft recommends testing the key first on a few files, then to proceed decrypting the rest if everything goes well with the test.

How do you know you’ve been hit with ApocalypseVM ransomware?

“Use this decrypter if your files have been encrypted and renamed to *.encrypted or *.locked with ransom notes named *.How_To_Decrypt.txt, *.README.txt or *.How_To_Get_Back.txt created for each encrypted file,” Emsisoft explains.

“The ransom note asks you to contact ‘[email protected]’ or ‘[email protected]’ and contains a personal ID.”

R&A : Security

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *