Angry Duck Ransomware
Posted: October 24, 2016
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 4,576 |
| First Seen: | October 24, 2016 |
| Last Seen: | February 5, 2023 |
| OS(es) Affected: | Windows |
The Angry Duck Ransomware is a Trojan that displays extortion messages demanding money from the PC's operator, ostensibly in exchange for reversing its encryption attack. Current samples of the Angry Duck Ransomware show questionable encryption capabilities, although malware experts encourage keeping backups so that the question becomes irrelevant to the safety of your information. Anti-malware tools should be allowed to quarantine or remove the Angry Duck Ransomware whether or not you need to decrypt any damaged content.
The Quack that Roared for Your Wallet
Intimidation is always key to the deployment of ransom-based Trojans, which include both screen-locking and data-encoding threats. Although the ransom messages that con artists deliver to your desktop are often heavy on threats, they may play loose with technical facts, such as the kind of encryption in use. Malware experts often find Trojans that exaggerate the intricacy of their encryption algorithms, but the Angry Duck Ransomware is a rare sample in claiming to use a nonexistent type of data cryptography.
File-encrypting Trojans like the Angry Duck Ransomware most frequently use a two-part, asymmetric encryption method that employs AES-128 for encrypting your data and then a variant of RSA for encrypting the AES key. The Angry Duck Ransomware claims that it uses AES-512, a 512-bit key size that would make its encryption significantly more complicated than current US military standards. However, this cipher doesn't exist and is unlikely to be developed in the future, due to its impracticality and current lack of application. In contrast, its supposed RSA protection boasts a bit size that most PC security researchers could crack with minimal effort.
The Angry Duck Ransomware delivers these erroneous details, along with a stock photo of a duck, in an image file that it most likely locks to the PC's desktop. Malware experts also found a third, equally unusual element in its ransom demands: the size of the Bitcoin payment, which, at current conversion rates, is over six thousand USD.
A Duck with Worse Looks than Its Bites
The earliest samples of the Angry Duck Ransomware do show limited functionality for modifying the PC's native files, such as appending an '.adk' extension to their names and inserting an internal marker (a comment string informing the reader of the data's encryption by 'ANGRYDUCK'). Based on the simplicity of this threat, malware experts recommend that victims without other choices look for help in the PC security community for decoding any lost data. Backups not local to the infected hard drive also offer an even more reliable solution against the Angry Duck Ransomware and almost all similar file encrypting Trojans.
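For responders who need an inventory of affected files before restoring from backup, the two indicators described above (the '.adk' extension and the 'ANGRYDUCK' marker) can be checked together. The script below is an added example, not a tool from the original article or its vendor; it assumes the marker appears in the file as the literal ASCII bytes `ANGRYDUCK`, which the article does not specify, and it only reads files.

```python
import os
import sys
from pathlib import Path

EXTENSION = ".adk"      # extension the article says is appended to file names
MARKER = b"ANGRYDUCK"   # assumption: the internal marker contains these ASCII bytes


def contains_marker(path, marker=MARKER, chunk=64 * 1024):
    """Stream the file and look for the marker, including across chunk boundaries."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            if marker in tail + block:
                return True
            # keep just enough bytes to catch a marker split between two reads
            tail = (tail + block)[-(len(marker) - 1):]


def triage(root):
    """Classify every file under root by which of the two indicators it shows."""
    report = {"confirmed": [], "extension_only": [], "marker_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                marked = contains_marker(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the inventory
            renamed = name.lower().endswith(EXTENSION)
            if renamed and marked:
                report["confirmed"].append(str(path))       # both indicators present
            elif renamed:
                report["extension_only"].append(str(path))  # renamed, content may be intact
            elif marked:
                report["marker_only"].append(str(path))     # review manually (e.g. notes, reports)
    return {bucket: sorted(paths) for bucket, paths in report.items()}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for bucket, paths in triage(target).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

Files listed under `extension_only` are worth comparing against their backup copies first, since a rename without the marker may mean the content was never modified.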
Continue taking all standard precautions when disinfecting your PC and restoring any data. Restart in Safe Mode as per the instructions provided by your operating system's developer, and run anti-malware tools for identifying and removing the Angry Duck Ransomware, as well as any associated delivery vehicles (such as Trojan downloaders). Paying the Angry Duck Ransomware's ransom, while a possible recovery method, is a risky option that malware experts heavily discourage in almost all situations.
The Angry Duck Ransomware is a low-level threat with a restricted payload, but its simplicity also shows that even the inexperienced can endanger others with threatening software. Whether it's a hardened con artist or a 'script kiddie' behind the Angry Duck Ransomware, it's just as much a danger to an unprotected computer.