ApolloLocker Ransomware: Threat Summary
| Field | Details |
| --- | --- |
| Name | ApolloLocker |
| Type | Ransomware |
| Risk | High |
| File extension | .locked |
| Ransom demand | $500 |
| Distribution | Spam email attachments, infected code and macros, etc. |
| Infected systems | Windows OS |
ApolloLocker Ransomware: Detailed Information
ApolloLocker Ransomware is yet another file-encrypting virus in the ransomware category. It came to notice because it encrypts files and appends the .locked file extension to them. It also drops instruction files on the compromised PC named DOSYALARI-KURTAR %num%.txt and DOSYALARI-KURTAR %num%.url, which appear to be written in Turkish. From this it can be deduced that ApolloLocker is targeting the Turkish region and its neighboring countries. Unlike other ransomware, it does not clearly state a time frame for payment; it says only that victims need to pay $500 within a few weeks. There is therefore no fixed deadline, and users have ample time for ransom payment. This may look like some respite, but the hackers are by no means in a mood to show mercy.
Since ApolloLocker belongs to the crypto-malware family, it has a tendency to steal sensitive credentials when users log in to net banking in the browser. It also has an elaborate payment system: the malware installs APIs on the compromised PC for the payment of the ransom. It is known to target Windows PCs by targeting the registry and creating mutant files that modify default settings.
How Does ApolloLocker Ransomware Target PCs?
As of now, ApolloLocker ransomware is expected to carry out its attack using malicious executable files. It also uses an email campaign with infected attachments that convinces users to click and download them onto the system. To look more legitimate, these mails are disguised to appear as if they were sent by agencies such as:
- FBI
- Postal Services
- National Courts and Offices
Hence it leaves no stone unturned to make users believe the mails are important and click on them. Users end up regretting the mistake once their PC has been compromised and they have become victims of ApolloLocker Ransomware.
Is There Any Decryptor for ApolloLocker Ransomware?
As of now there is no information about an ApolloLocker decryptor. Victims should not pay the ransom to the hackers, because their request for decryptor keys will simply be turned down despite the payment. Instead, victims should remove ApolloLocker Ransomware by following the guide given below.
Remove ApolloLocker Ransomware From Your PC
Step 1: Remove ApolloLocker Ransomware in Safe Mode with Command Prompt
- First of all, disconnect your PC from the network.
- Click the Restart button and keep pressing the F8 key while the system restarts.
- You will see the “Windows Advanced Options Menu” on your computer screen.
- Select “Safe Mode with Command Prompt” and press the Enter key.
- You must log in to your computer with an Administrator account for full privileges.
- Once the Command Prompt appears, type rstrui.exe and press Enter.
- Now follow the prompts on your screen to complete the system restore.
Step 2: Remove ApolloLocker Ransomware Using MSConfig in Safe Mode
- Power off your computer and start it again.
- While it boots, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.
- Use the arrow keys to select the “Safe Mode” option and press the Enter key.
- Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.
- Go to the Startup tab and look for files from the %AppData% or %Temp% folders that are launched using rundll32.exe. See an example below:
C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1
- Disable all the malicious entries and save the changes.
- Now restart your computer normally.
Step 3: Kill Malicious Processes Related to ApolloLocker Ransomware
- Press the Alt+Ctrl+Del keys together.
- This will open the Task Manager on your screen.
- Go to the Processes tab and find the process related to ApolloLocker Ransomware.
- Click the End Process Now button to stop the running process.
Step 4: Remove ApolloLocker Ransomware Virus From Registry Entries
- Press the “Windows + R” keys together to open the Run box.
- Type “regedit” and click the OK button.
- Find and remove entries related to ApolloLocker Ransomware under the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
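A read-only way to carry out the checks in Step 2 and Step 4, as an added PowerShell example that is not part of the original guide: it lists every value under the autorun keys above and flags commands that start from AppData or Temp, marking the rundll32.exe pattern from Step 2 as suspicious. The function name Get-AutorunVerdict and the verdict labels are made up for this example, and HKCU RunOnceEx is checked as well even though the list above omits it.

```powershell
# Added example: audit only. Nothing is deleted or modified.

function Get-AutorunVerdict {
    param([string]$Command)
    # User-writable locations named in Step 2, as literal paths or unexpanded variables.
    $userPath = '\\AppData\\(Local|LocalLow|Roaming)\\|\\Temp\\|%(AppData|LocalAppData|Temp|Tmp)%'
    $fromUserPath = $Command -match $userPath          # -match is case-insensitive
    $viaRundll32  = $Command -match '\brundll32(\.exe)?\b'
    if ($fromUserPath -and $viaRundll32) { return 'Suspicious' }  # the Step 2 pattern
    if ($fromUserPath) { return 'Review' }  # legitimate per-user apps also start from AppData
    return 'OK'
}

$subKeys = 'Run', 'RunOnce', 'RunOnceEx', 'RunServices', 'RunServicesOnce',
           'Policies\Explorer\Run'

$findings = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in $subKeys) {
        $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        # Several of these keys do not exist on a given installation; skip them.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $cmdLine = [string]$key.GetValue($name)
            New-Object PSObject -Property @{
                Verdict = Get-AutorunVerdict $cmdLine
                Key     = $path
                Name    = $name
                Command = $cmdLine
            }
        }
    }
}

# Show only the entries that need a human decision, most suspicious first.
$findings |
    Where-Object { $_.Verdict -ne 'OK' } |
    Sort-Object Verdict -Descending |
    Select-Object Verdict, Key, Name, Command |
    Format-List
```

HKCU is the hive of the account that runs the script, so run it in the affected user's session as well as from the Administrator account. An entry marked Review is a prompt to check the file it points to, not proof of infection.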
Now hopefully you have completely removed the ApolloLocker Ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, it means that the virus still remains on your computer. In that situation you have no other option except removing the virus with a powerful malware removal tool.
If, on the other hand, you have a backup of your infected or encrypted files, you can also reinstall your Windows OS. This will erase all your files and data along with the ApolloLocker Ransomware infection, leaving you with a completely empty computer system with no files. You can then use your backup to get your files back. If you don’t have any backup, using a malware removal tool is the better option for you.