
Apophis Ransomware

Posted: April 17, 2018

The Apophis Ransomware is a file-locking Trojan from the Jigsaw Ransomware family: it encrypts your files and, additionally, deletes them over time. Backups and free decryption software can help with data recovery. However, malware experts also recommend removing the Apophis Ransomware with anti-malware software as soon as possible, since every hour it stays active costs you more files.

Egyptian Gods with a Taste for File Data

The Jigsaw Ransomware family, well-known for both its Saw movie references and its file-deleting clock, is continuing its slow but unabated growth. While this new member, the Apophis Ransomware, doesn't block the user interface like its close relative, the Monument Ransomware, it does hold files hostage and threaten them with deletion, just as the '.jes File Extension' Ransomware and the Turkish '.justice File Extension' Ransomware do. This Trojan may still be in development and shows some signs of using an incomplete ransom note.

The Apophis Ransomware's threat actor brands the Trojan after an Egyptian god of chaos and hides any direct affiliation with the Jigsaw Ransomware program. Its known distribution disguises the executable as a fake Firefox update or installer. However, the file could also arrive on your PC through other methods, such as e-mail attachments or drive-by downloads from compromised websites.

Once it's running, the Apophis Ransomware automatically encrypts files of many formats with AES, including those in standard Windows locations such as the desktop and the Downloads folder. It also appends an extension of its own (not yet identified) after any existing extension in the names of these files. When it finishes, it generates two sequential pop-ups carrying its ransom instructions for unlocking the media.

Keeping Antiquated Deities Extinct

As a rough analog to Satan, Apophis or Apep is an appropriate mascot for the Apophis Ransomware's campaign, which deletes additional files every hour, as well as upon every system restart. Because of these extra hazards, which are typical of the Jigsaw Ransomware family, malware experts warn users to reboot their PCs only after disabling the Apophis Ransomware's startup routine, which is Registry-based. Alternatives to a normal reboot include using the Safe Mode feature or, most reliably, booting from another device such as a Universal Serial Bus or USB drive.
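The check a practitioner would run before that reboot, written here as an added PowerShell example that is not code from the original page and not the Trojan's own code: it enumerates the standard Windows Run and RunOnce keys, flags any entry whose executable lives in a user-writable location (the heuristic and the list of locations are assumptions for the example, not indicators published on this page), and previews removal of the flagged value with -WhatIf.

```powershell
# Added example: review Registry-based autostart entries BEFORE rebooting an
# infected PC. Key paths are the standard Windows Run/RunOnce keys; the
# "suspicious location" heuristic below is an assumption for this example.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a legitimate autostart rarely points into (assumed; tune for your environment).
$suspiciousRoots = @(
    $env:APPDATA,
    $env:LOCALAPPDATA,
    $env:TEMP,
    (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)

            # Extract the bare executable path: quoted path, or first token.
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+', 2)[0] }
            $expanded = [Environment]::ExpandEnvironmentVariables($exe)

            $flag = $false
            foreach ($root in $suspiciousRoots) {
                if ($root -and $expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $flag = $true
                }
            }

            [pscustomobject]@{
                Key        = $key
                Name       = $name
                Command    = $cmd
                Executable = $expanded
                Exists     = (Test-Path -LiteralPath $expanded)
                Suspicious = $flag
            }
        }
    }
}

$entries = Get-AutostartEntry
$entries | Format-Table -AutoSize

# Confirm which flagged entry launches the Trojan, then delete that value.
# -WhatIf only previews the change; drop it to actually remove the entry.
$entries | Where-Object Suspicious | ForEach-Object {
    Remove-ItemProperty -Path $_.Key -Name $_.Name -WhatIf
}
```

Editing HKLM values requires an elevated prompt, and a flagged entry is a lead, not proof: confirm the executable before removing it, and remove the startup value before any restart, since this family uses the reboot itself as a trigger for deleting files.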

The Apophis Ransomware's ransom notes demand Bitcoin payments for a decryption application. Since the Apophis Ransomware's family is compatible with a free decryption program, courtesy of the cyber-security researcher Michael Gillespie, victims should avoid paying and use that solution instead whenever backups are unavailable. However, quarantining or removing the Apophis Ransomware should always take priority, since an active infection results in the recurring deletion of your files.

Since the Apophis Ransomware's ransom-payment website is Russian-based, its campaign may be targeting residents of that nation and nearby countries. However, the Apophis Ransomware and the Jigsaw Ransomware are a danger to files everywhere, and, unlike most file-locker Trojans, they operate on very unforgiving schedules.
