Home / Spyware Help / Apocalypse Ransomware Removal Guide

Apocalypse Ransomware Removal Guide

by 0 Comments

Do you know what Apocalypse Ransomware is?

Apocalypse Ransomware is a newly released malicious program that encrypts almost all data on user’s computer. It tries to scare its victims into paying the ransom as it promises to damage encrypted data if you do not contact the malware’s creators in 72 hours. In addition, the infection also locks user’s screen, so there is not much you can do with your PC. We understand that you might be in a panic if the files on your computer were the only copies of them. Nevertheless, users should not despair as there are ways you can try to recover encrypted data, unlock computer’s screen and delete the malware. Rash decisions are always a bad idea, so it would be better if you would read more about the infection first and then decide what to do. Users who are already certain that they want to erase the malicious program can scroll below the text and use the removal guide.

The ransomware is rather new, and it might be distributed in other ways, but for now it was noticed that it can infect computers through malicious email attachments. Probably, the file should come from an unknown sender. As curious as you might be, you should never open such files without even scanning them with an antimalware tool. Many infections are spread through malicious files that come with spam emails. Thus, if an attachment looks somehow suspicious or you do not recognize its sender, it is better to delete the letter that it came with or check this file with a security tool.

As Apocalypse Ransomware settles in your system, it places a malicious executable file called windowsupdate.exe. This file should be placed in the C:\Program Files (x86) or C:\Program Files directory. Afterward, the malware should create an autorun entry that would allow it to launch itself when you log on. Also, it should lock user’s screen and block some programs, e.g. Task Manager, Explorer. If your computer is infected with Apocalypse Ransomware, then the only thing that you should be able to see is a white screen with a text that says “IF YOU ARE READING THIS MESSAGE, ALL THE FILES IN THIS COMPUTER HAVE BEEN CRYPTED!!”Apocalypse Ransomware Removal GuideApocalypse Ransomware screenshot
Scroll down for full removal instructions

Apparently, Apocalypse Ransomware can encrypt almost all files on user’s computer, except data that is in the Windows folder or has the following extensions: .dat, .bat, .bin, .encrypted, .ini, .tmp, .lnk, .com, .msi, .sys, .dll, .exe. The warning on user’s screen should say that you must contact the ransomware’s creators with this email decryptionservice@mail.ru if you want to get the decryption software. The reply should give you instructions on how to pay the ransom.

Our researchers found out that there is a working decryptor, which was created by IT specialists. Thus, before you rush to transfer the money, you should look for this tool on the Internet and try it out. We are advising this because there are no guarantees that the malware’s creators will provide you the decryptor. Users who think they have nothing to lose should be aware that they could lose their savings for no reason.

With no reassurances that your files would be actually restored once you pay the ransom, we would advise against it. Therefore, we prepared a removal guide that should help you delete Apocalypse Ransomware from your computer. As you see, the instructions below show how to restart infected computer in Safe Mode with Networking. Once you restart your PC in Safe Mode, you will be able to use it normally. That is when users should follow the second part of the instructions that will tell you how to find and erase the malicious file. If you complete these tasks, Apocalypse Ransomware should be eliminated. However, some users might find it too difficult to delete the ransomware manually. If you feel that it is too complicated, leave this job to a trustworthy security tool. It will help you locate the malware and erase it from your system automatically.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

  1. Press Windows Key+I.
  2. Click the Power button, press and hold Shift, then click Restart.
  3. Select Troubleshoot and pick Advanced Options.
  4. Choose Startup Settings and click Restart.
  5. Press F5 and restart your computer.

Windows XP/Windows Vista/Windows 7

  1. Navigate to Start, press Shutdown options, and then select Restart.
  2. Press and hold F8 the moment your system is restarting.
  3. Choose Safe Mode with Networking from the Advanced Boot Options window.
  4. Press Enter and log on.

Eliminate Apocalypse Ransomware

  1. Open the Explorer (Windows Key+E).
  2. Copy and insert C:\Program Files (x86) or C:\Program Files into the Explorer.
  3. Locate a file named as windowsupdate.exe and right-click to delete it.
  4. Empty your Recycle bin.

In non-techie terms:

Apocalypse Ransomware should not be taken lightly as it is a serious threat that can do a lot of damage to your data. Especially if you did not prepare for such emergency, e.g. made copies of your files on removable media devices. When it comes to paying the ransom, we would advise you not to risk losing your money. The malware was created by cyber criminals, and if they refuse to give you the decryption software, you will not be able to do anything about it. The best you can do is to learn from this experience, erase the malware from your computer and ensure that nothing like this happens in the future. The ransomware can be deleted manually, but if you are an inexperienced user, you should remove it with a reliable antimalware tool.