
Angry Duck Ransomware

Posted: October 24, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 4,576
First Seen: October 24, 2016
Last Seen: February 5, 2023
OS(es) Affected: Windows

The Angry Duck Ransomware is a Trojan that displays extortion messages demanding a ransom from the PC's operator, supposedly in exchange for reversing its encryption attack. Current samples of the Angry Duck Ransomware show questionable encryption capabilities, although malware experts still encourage keeping backups, which make the issue irrelevant to your information security. Anti-malware tools should be allowed to quarantine or remove the Angry Duck Ransomware whether or not you need to decrypt any damaged content.

The Quack that Roared for Your Wallet

Intimidation is always key to the deployment of ransom-based Trojans, both screen-locking and data-encoding threats. Although the ransom messages the con artists deliver to your desktop are often heavy on threats, they may play loose with technical facts, such as the kind of encryption in use. Malware experts often find Trojans that exaggerate the intricacy of their encryption algorithms, but the Angry Duck Ransomware is a rare sample in that it claims to use a nonexistent type of data cryptography.

File-encrypting Trojans like the Angry Duck Ransomware most frequently use a two-part, asymmetric encryption method that employs AES-128 for encrypting your data and then a variant of RSA for encrypting the AES key. The Angry Duck Ransomware claims that it uses AES-512, with a 512-bit key that would make its encryption significantly more complicated than current US military standards. However, this cipher doesn't exist and is unlikely to be developed in the future, given its impracticality and current lack of application. In contrast, its supposed RSA protection boasts a bit size that most PC security researchers could crack with minimal effort.

The Angry Duck Ransomware delivers these erroneous details, along with a stock photo of a duck, in an image file that it most likely locks to the PC's desktop. Malware experts also found a third, equally unusual element in its ransom demands: the size of the Bitcoin payment, which, at current conversion rates, is over six thousand USD.

A Duck with Worse Looks than Its Bites

The earliest samples of the Angry Duck Ransomware do show limited functionality for modifying the PC's native files, such as appending an '.adk' extension to their names and inserting an internal marker (a comment string informing the reader of the data's encryption by 'ANGRYDUCK'). Based on the simplicity of this threat, malware experts recommend that victims without other choices look for help in the PC security community for decoding any lost data. Backups that are not stored on the infected hard drive offer an even more reliable solution against the Angry Duck Ransomware and almost all similar file-encrypting Trojans.
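To scope the damage before restoring from backup, the two indicators described above (the '.adk' extension and the 'ANGRYDUCK' marker) can drive a read-only inventory of affected files. This is an added example, not code from the original article or from any vendor tool; it assumes the marker appears somewhere in the file as the ASCII string ANGRYDUCK, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

EXT = ".adk"           # extension the article says is appended to file names
MARKER = b"ANGRYDUCK"  # assumption: the internal marker contains this ASCII string

def has_marker(path, marker=MARKER, chunk=65536):
    """Stream the file; carry a short tail so a marker split across reads is found."""
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            if marker in window:
                return True
            tail = window[-(len(marker) - 1):]
    return False

def triage(root):
    """Return sorted (relative_path, original_name, verdict) for each *.adk file."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXT):
                continue
            full = os.path.join(dirpath, name)
            try:
                verdict = "marker" if has_marker(full) else "extension-only"
            except OSError:
                verdict = "unreadable"  # report it rather than guess
            rows.append((os.path.relpath(full, root), name[:-len(EXT)], verdict))
    return sorted(rows)

def make_constructed_sample(root):
    """Write constructed test files (not real ransomware output) under root."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        # marker placed so it straddles the 65536-byte read boundary
        "docs/report.docx.adk": b"\x00" * 65530 + b"# ANGRYDUCK #" + b"\x11" * 10,
        "docs/notes.txt": b"untouched file",
        "photo.jpg.ADK": b"renamed, but no marker inside",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        for row in triage(tmp):
            print(*row, sep="\t")
```

A verdict of "extension-only" means the file carries the '.adk' name but not the assumed marker, so it should be reviewed by hand rather than counted as encrypted.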

Continue taking all standard precautions when disinfecting your PC and restoring any data. Restart in Safe Mode as per the instructions provided by your operating system's developer, and run anti-malware tools for identifying and removing the Angry Duck Ransomware, as well as any associated delivery vehicles (such as Trojan downloaders). Paying the Angry Duck Ransomware's ransom, while a possible recovery method, is a risky option that malware experts heavily discourage in almost all situations.

The Angry Duck Ransomware is a low-level threat with a restricted payload, but its simplicity also shows that even the inexperienced can endanger others with threatening software. Whether it's a hardened con artist or a 'script kiddie' behind the Angry Duck Ransomware, it's just as much a danger to an unprotected computer.
