Angela Merkel Ransomware Removal Guide

Do you know what Angela Merkel Ransomware is?

Angela Merkel Ransomware is another infection that uses AES encryption algorithm to encipher user’s data and ask for payment in exchange for the decryption tools. According to our researchers who have tested the malicious program in our internal lab, it is possible that the malware’s creators have not begun to spread it yet or if they did the threat may not be distributed widely. Nonetheless, if the infection appeared on your computer, you should not hesitate to remove Angela Merkel Ransomware. If you want to learn why we urge you to do so, you should continue reading the article as we will tell you more details about this threat. If you decide to eliminate it, you could delete it while following the instructions available at the end of the article or leave this task for a trustworthy antimalware tool.

The malicious program’s creators could be targeting users from Germany, because not only it uses the face of the chancellor Angela Merkel, but also displays a window with a text written in the German language. However, it might be still early to make any assumptions, especially when the infection could be still in the development stage.

Angela Merkel Ransomware enciphers a rather small part of data on the user’s computer. Firstly, it starts with the files placed on user’s Desktop. Then it moves to the %USERPROFILE% folder, which contains the Desktop directory too. As a result, the malware looks for files to encrypt in the same directory twice. As it was mentioned earlier, the malicious program should use an encryption algorithm called AES. During the process, the threat should replace each file’s original extension with .angelamerkel and also change its title with random digits, letters, and symbols.Angela Merkel Ransomware Removal GuideAngela Merkel Ransomware screenshot
Scroll down for full removal instructions

When the infection enciphers all targeted file types from the mentioned directories and their subfolders, the threat should open a separate window with a photograph of Angela Merkel. No doubt that the malware’s window is the ransom note as it instructs users to pay exactly "1200€ in BTC to my wallet to get your decryption key.” The strange thing is that the cyber criminals did not add their wallet address and because of this mistake, users cannot pay the ransom.

Even if it was possible, we doubt that any user would risk such a huge amount of money, just to unlock a couple of files from one directory. In any case, if your computer was infected with the same Angela Merkel Ransomware’s version, you do not have to worry about such dilemma. We would advise you to simply erase the malware. If you had any valuable data and it got encrypted, do not forget that you may be able to recover it if you have any copies of this data.

To get rid of Angela Merkel Ransomware manually you should find a malicious file that you probably downloaded yourself. It could be an infected email attachment, installer, or any other suspicious file or document, so the recommended removal steps below can only advise you where to look for this file or how to erase it. Therefore, it might be better to use an antimalware tool instead, especially if you receive an updated version of Angela Merkel Ransomware, which could act differently. The security tool is rather easy to use because it has a scanning feature that can locate malicious data or programs automatically. Plus, if there are any other threats on the system it could help you erase them too. In any case, if you need some help with the deletion part, let us know by adding a comment below or contacting us through social media.

Remove Angela Merkel Ransomware

  1. Launch the Explorer (press Windows Key+E).
  2. Navigate to the following directories separately: Desktop, Downloads, Temporary Files.
  3. Look for recently downloaded files that could be malicious.
  4. Right-click the malicious file and press Delete.
  5. Close the Explorer and empty your Recycle Bin.

In non-techie terms:

Angela Merkel Ransomware is a recently created threat, and our researchers believe it could still be upgraded. Luckily, the current version is not extremely troublesome as it does not encrypt all files on the infected computer or lock user’s screen. However, it's affected files cannot be encrypted in any way as it is even impossible to purchase a decryption key from the malware’s creators. In such situation, it is recommended to delete the application at once. You could eliminate it manually with the removal guide placed above or with a reliable antimalware tool if you are an inexperienced user.