Severity scale: (99/100)

Apocalypse ransomware virus. How to remove? (Uninstall guide)

Removal by Jake Doevan | Type: Ransomware

Apocalypse virus continues to attack computer users: aggressive and active in 2017

Apocalypse virus seems to be a poorly programmed ransomware[1] that has already been decrypted by the well-known virus researcher Fabian Wosar[2]. If you are dealing with ApocalypseVM or Fabiansomware, which are two different versions of this file-encrypting malware, you should know that both have been defeated and you can use free decrypters to recover your files. However, don’t forget that cyber criminals are stubborn people who try to earn as much money as possible, so they can easily add new updates to each of their viruses. Besides, no matter whether a free decryption tool is available on the Internet or not, you still need to remove Apocalypse ransomware from your computer. For that you can use Reimage.

The first version of Apocalypse ransomware encrypted files and appended the .encrypted file extension to them. However, its latest version comes with changes and uses a more complicated file extension, which includes details such as the victim’s country code, the victim’s ID, etc. The extension used by the latest version of Apocalypse looks like this: [the name of the file].id-*[8characters]+countrycode[cryptservice@inbox.ru].[random7characters]. Besides, this ransomware variant creates an individual copy of the ransom note for each file, named like [Filename].encrypted.How_to_Decrypt.txt. The ransom note is usually named [md5].txt. As soon as this virus finishes its encryption procedure, it also deletes Volume Shadow Copies to prevent the user from recovering the files. The virus also installs a malicious version of a file named windowsupdate.exe, a name which is usually used by Microsoft or Apple[3]. This file is assigned to Startup programs and is used to display the lock screen that provides the following information:

IF YOU ARE READING THIS MESSAGE, ALL THE FILES IN THIS COMPUTER HAVE BEEN CRYPTED!!
documents , pictures, videos, audio, backups, etc

IF YOU WANT TO RECOVER YOUR DATA, CONTACT THE EMAIL BELOW.
EMAIL: 
WE WILL PROVIDE DECRYPTION SOFTWARE TO RECOVER YOUR FILES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IF YOU DONT CONTACT BEFORE 72 HOURS, ALL DATA WILL BE LOST FOREVER

Different versions of Apocalypse malware provide different contact emails, such as decryptdata@inbox.ru, ransomware.attack@list.ru, decrptionservice@mail.ru, getdataback@bk.ru, datarecovery@bk.ru or fabianwosar@mail.ru. The most recent version of Apocalypse reportedly uses the crypt32@mail.ru email address (this version was spotted on January 22, 2017). No other modifications were discovered, so we assume that the previous email accounts were probably closed for security reasons. As for Apocalypse/Al-Namrood ransomware, we cannot provide any information regarding the ransom price, since these viruses do not state how much money the cyber criminals want in exchange for the data. Either way, it is not advisable to pay up, as it only benefits the crooks[4], whereas you may be left without your money as well as your data. Besides, you can try decrypting your files with the decryption tools that have been released by malware researchers. You can find an informative guide on how to remove Apocalypse, as well as data recovery instructions, in the tutorial provided below the article.

Can you keep your computer safe from ransomware viruses?

As long as your computer is not infected with any virus, your main priority should be protecting your device with triple-layer protection. First of all, you should use the best antivirus technology; second, you should use it alongside anti-malware or anti-spyware software; and finally, you should create data backups. It is also recommended to always keep your operating system updated to its latest version, to eliminate any vulnerabilities[5]. On top of that, you should keep watch for the virus yourself. Pay attention to your Inbox, because ransomware viruses like Apocalypse usually spread through malicious emails. Do not open suspicious emails or download their attachments. This should help to keep the virus away. However, viruses are unpredictable and can use a variety of different techniques to get into your computer. So if you have already been infected, you should start thinking about Apocalypse removal without wasting time.

Apocalypse removal help

If you are planning Apocalypse removal, you should seriously weigh your capabilities. Do you have the proper skills to do it? Is your computer equipped with powerful antivirus software? If you answered “YES” to both of these questions, you are ready for the virus removal. You will have to use a reputable antivirus scanner to detect and remove Apocalypse virus and its related files from your device. However, some computer knowledge will be needed if any problems occur in the process. If your antivirus is having difficulties removing the virus, you will have to follow special instructions to block some of the virus’s most aggressive processes. You will find these instructions below.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Apocalypse ransomware virus you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Apocalypse ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.


Manual Apocalypse virus Removal Guide:

Remove Apocalypse using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Before you start Apocalypse removal, restart your computer using instructions provided here. This will help to protect the system from unexpected virus behavior and help to create a safe environment for your antivirus software. Sometimes viruses try to block antivirus programs, but when the computer is booted in Safe Mode with Networking, viruses can no longer do that.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
  • Step 2: Remove Apocalypse

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Apocalypse removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove Apocalypse using System Restore

In case the previous method didn’t work, rely on these instructions.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select your restore point that is prior to the infiltration of Apocalypse. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Apocalypse removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Apocalypse from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Please do not even think about paying the ransom and do not follow instructions cybercriminals provide. Experienced malware researchers managed to find flaws in Apocalypse’s code that allowed them to create free decryption tools. Before using them, remove Apocalypse ransomware from the system first. You can find the link to download the Apocalypse decryption tool in the instructions provided below.

If your files are encrypted by Apocalypse, you can use several methods to restore them:

Recover some files with Data Recovery Pro

Data Recovery Pro is for sure a reliable tool that can help you to restore encrypted data quickly. Although it might not successfully restore all data, this tool is definitely worth a try. However, we suggest using Data Recovery Pro only if the Apocalypse decryption methods explained below fail to help you with data recovery.

Recover your files using these decryption tools

There are several decryption tools that can recover files encrypted by Apocalypse. Download the proper one to restore your files. You will need one healthy file sample and one encrypted file sample to decrypt the rest of the data:

1. Apocalypse decryption tool. This tool works for victims who find these file extensions appended to original filenames: .encrypted, .Encryptedfile, .FuckYourData, or .SecureCrypted.

2. ApocalypseVM decryption tool. This tool can decrypt files encrypted by a different version of Apocalypse, which appends either .encrypted or .locked file extensions to encrypted data. Your malware removal tool should help you determine which version of this ransomware has attacked your PC. 

3. Fabiansomware decrypter. This decryptor restores files that have .encrypted file extensions appended to them. Works for victims who were asked to contact these emails: fwosar@mail.ru or fabianwosar@mail.ru.
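
The file-name indicators described earlier in this article and the extension-to-decrypter list above can be combined into a quick triage check over a file listing. This is an added example, not code from the article or from the decrypter authors; the regular expression for the newer extension is an assumed reading of the template quoted in the article, the sample paths are constructed, and the check assumes a single variant encrypted the machine.

```python
import re
from collections import Counter

# Extension -> decrypters the article lists for it (compared case-insensitively).
TOOLS_BY_EXT = {
    ".encrypted": {"Apocalypse", "ApocalypseVM", "Fabiansomware"},
    ".encryptedfile": {"Apocalypse"},
    ".fuckyourdata": {"Apocalypse"},
    ".securecrypted": {"Apocalypse"},
    ".locked": {"ApocalypseVM"},
}
# Contact addresses the article ties to the Fabiansomware decrypter.
FABIAN_EMAILS = {"fwosar@mail.ru", "fabianwosar@mail.ru"}

# Per-file ransom note: [Filename].encrypted.How_to_Decrypt.txt
NOTE_RE = re.compile(r"\.encrypted\.How_to_Decrypt\.txt$", re.I)
# Assumed rendering of the newer template: .id-<id+country>[<email>].<7 chars>
NEW_EXT_RE = re.compile(r"\.id-[^\[\]]*\[([^\[\]\s]+@[^\[\]\s]+)\]\.\w{7}$")

def classify(name):
    """Return (kind, detail) for one file name or path."""
    if NOTE_RE.search(name):
        return ("ransom_note", None)
    match = NEW_EXT_RE.search(name)
    if match:
        return ("new_variant", match.group(1).lower())  # detail = contact e-mail
    for ext in TOOLS_BY_EXT:
        if name.lower().endswith(ext):
            return ("encrypted", ext)
    return ("other", None)

def candidate_tools(names, contact_email=None):
    """Decrypters that cover every older-style extension seen in the listing."""
    exts = {detail for kind, detail in map(classify, names) if kind == "encrypted"}
    if not exts:
        return []
    tools = set.intersection(*(TOOLS_BY_EXT[e] for e in exts))
    # The Fabiansomware decrypter is listed only for its two contact addresses.
    if contact_email is not None and contact_email.lower() not in FABIAN_EMAILS:
        tools.discard("Fabiansomware")
    return sorted(tools)

def summarize(names):
    """Count how many names fall into each kind."""
    return Counter(classify(n)[0] for n in names)

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    "C:/Users/a/Documents/budget.xlsx.encrypted",
    "C:/Users/a/Documents/budget.xlsx.encrypted.How_to_Decrypt.txt",
    "C:/Users/a/Pictures/cat.jpg.locked",
    "C:/Users/a/notes.txt",
    "C:/Users/a/report.docx.id-1A2B3C4D+US[cryptservice@inbox.ru].a1b2c3d",
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)), candidate_tools(SAMPLE))
```

A `new_variant` hit gets no tool suggestion, because the decrypter list in this article names only the older extensions.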

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Apocalypse and other ransomware, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Jake Doevan
Jake Doevan - Computer technology expert
