November 17, 2016
Angela Merkel is now also the name of a ransomware cryptovirus. 1200 euros are demanded as payment for decrypting your files. The payload of this ransomware is masked as an updater for the Google Chrome browser. This virus will encrypt your files while placing the .angelamerkel extension to all of them. To see how to remove the ransomware and how you can try to restore your data, read the article to the end.
Angela Merkel Virus – Spread
Angela Merkel ransomware can spread its infection in various ways. The most effective way has proven to be with its payload file masked as an update setup for the Google Chrome browser. After downloading that file and loading it, the malicious script inside it will activate and infect your computer system. You can see the analysis of the executable containing the payload file on the VirusTotal website, from the screenshot shown below:
Angela Merkel ransomware could be spreading that payload file around social media and file-sharing platforms. The malicious script might be cleverly hidden as the setup of other trusted programs and presented as something useful. Do not open files from suspicious links or emails with an unknown origin. You should always do a scan with a security program, first, and check their size and signatures for anything dubious. Read the tips about preventing ransomware from the corresponding forum thread.
Angela Merkel Virus – More Information
Angela Merkel is no longer only a name in politics, but in the computer world as well. That is the name of a new ransomware cryptovirus found by malware researchers from the MalwareHunterTeam, who saw it in the wild a couple of days ago.
When your files get encrypted, they will receive the extension .angelamerkel appended each and every one of them .Angela Merkel ransomware could create entries in the Windows Registry to achieve a higher level of persistence. These registry entries are designed to make this virus launch automatically with every boot of the Windows Operating System.
After your files are encrypted, the payment instructions and demands of the crooks for unlocking your files will be displayed in a window. You can see the ransom note (and lock-screen) from the below picture:
The ransom note reads the following:
The ransom price that this cryptovirus demands as payment for decrypting your data is very high, compared to other ransomware. 1200 euros is a small fortune and you should NOT even consider paying that to the cybercriminals. That will only encourage them to continue making malware of that kind. Also, nobody can give you a guarantee that your data will get restored as it was before if you pay up that sum.
The Angela Merkel ransomware encrypts files and appends the .angelamerkel extension to each one of them. The encryption algorithm that is used is not exactly known but believed to be AES 128-bit according to some researchers. A list with file extensions which the virus seeks to encrypt is still unavailable.
The Angela Merkel cryptovirus is highly likely to erase the Shadow Volume Copies from the Windows operating system by using the command given here:
Continue reading to find out what kinds of methods you can try to restore at least a part of your data.
Remove Angela Merkel Virus and Restore .angelamerkel Files
If your computer got infected with the Angela Merkel ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Angela Merkel Virus.
Manually delete Angela Merkel Virus from your computer