ApolloLocker points its daggers to Turkish users

ApolloLocker virus functions as a file-encrypting virus. The ransom note is written in Turkish[1] so the main target is suspected to be the residents of this country.
After the infiltration, the malware appends .locked fie extension. In addition, it drops several files with the instructions: DOSYALARI-KURTAR %num%.txt and DOSYALARI-KURTAR %num%.url[2]. In exchange to the files, the ransomware demands $500. Interestingly, the malware gives ample of time to transmit the money – several weeks.
Besides being crypto-malware, the virus also manifests certain features of browser password stealing. The malware also exhibits an elaborate payment site. During its presence on the system, Apollo Locker downloads shady APIs into the system. Interestingly, it also exhibits tendency to exploit the vulnerabilities of Internet Explorer.
The virus also collects technical information about an infected device. Though it has certain elements of anti-VM behavior, fortunately, multiple security tools detect this virtual threat as Trojan.Ransom.ApolloLock, TR/AD.BrowserPwdStealer.pwihj. W32/Filecoder.NNK!tr.
It functions via ApolloLocker.exe, pe.exe or alternative file name. If you happen to be infected with this crypto-malware, it is high time you performed ApolloLocker removal. FortectIntego or MalwarebytesMalwarebytes will speed up the elimination process.
Ransomware threats are getting “international”
While the majority of crypto-malware threats are created in the US or by crooks who pretend to be residents of this country, there are few viruses oriented at specific countries. Interestingly, Turkish ransomware[3] threats are not a complete rarity as well.
While there have been several samples mostly based on HiddenTear pattern, this one seems to be created on a new pattern. While it delivers an exquisite payment site, IT experts were able to detect certain amusing flaw-like features.
Nonetheless, the virus serves as a full-fledged crypto virus targeting Windows OS. Besides already-discussed features, the malware also tends to access registry keys.[2] It also creates mutant files and modifies proxy settings. Consequently, there are more than enough reasons to remove ApolloLocker virus.
Malware transmission peculiarities
Regarding its tendency to function via a trojan and executable file, it is likely to be spread via spam emails. Note that in order to convince victims to open the corrupted file, perpetrators may disguise as:
- Officers of national court
- Agents of the the FBI
- Post service delivery employees
Note that such emails will always encourage you to one the attachment as soon as possible. In addition, you should not disregard another distribution method – exploit kits and rogue software.
Before downloading any application or enabling a browser extension, make sure it is the genuine version downloaded from its official website. In order to ward off exploit kits, anti-malware security tools will come in handy.
Eliminate ApolloLocker from the operating system
In order to fully complete ApolloLocker removal, you will need an updated security application,. If you cannot launch it, take a look at the below instructions. They display how to perform System Restore or reboot the device in Safe mode to remove ApolloLocker virus permanently.
Note that at the moment, there is no Apollo Locker Decrypter released yet, so it is not recommended to use the one offered by the felons as it may only corrupt the system even more. After you get rid of all ransomware components, you may proceed to data recovery options. Below you will some suggestions.
Was this guide helpful?
Be the first to comment