Angleware Ransomware Removal Guide

Do you know what Angleware Ransomware is?

Ransomware is probably the most prominent of highly malicious computer infections these days. Our cyber security experts recently found one called Angleware Ransomware and testing has shown that this ransomware was designed to encrypt your personal files and then offer you to pay money for a decryption tool to decrypt them. However, instead of complying with their demands, you ought to remove the malicious program because you cannot trust cyber criminals to keep their word because all they care about is making easy money.

In the event Angleware Ransomware manages to infect your computer, it will scan all drives for files of interest and then begin the encryption process. Malware researchers have found that this particular ransomware was configured to encrypt your files with the AES-256 encryption algorithm. This algorithm has a 256-bit key size and a 128-bit block size. Thus, its encryption is quite strong and decrypting it using third-party decryption tools may not be possible. While encrypting your files, this ransomware might add an additional file extension “.AngleWare” that serves to indicate which files file were encrypted.

Apparently, this particular ransomware can encrypt file extensions that include ".exe", ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".zip", and ".rar." As you can see, this particular ransomware targets Microsoft Office and other documents, images, executables, file archives, and so on. The intention is clear here: this program was set to target files that are more likely to feature personal and, thus, valuable information for which you might pay the hefty ransom. Once the encryption is complete, Angleware Ransomware will open tcp 49488, 49495- 49496 ports on the PC and send your computer’s name, user name, and password to www.tlmb-center.com using HTTP protocol (80 port) with GET parameters. Then, it will drop a ransom note named READ_ME.txt which contains information such as the amount to be paid which is 3 BTC. It will also include the Bitcoin wallet address to send the money as well as the email address that you have to message in order to get your decryption program. However, as we mentioned earlier, you cannot trust cyber crooks to keep their word.

Our malware experts have concluded that Angleware Ransomware is part of the Hidden-Tear ransomware family that also includes Korean Ransomware, CryptoKill Ransomware, and Redants Ransomware. All of these programs were coded in the .Net framework programming language and feature the AnyCPU architecture, but 32-bit is proffered nonetheless. Angleware Ransomware and its counterparts are quite simple yet effective ransomware-type programs. There are dangerous, and you should be aware of your PC might become infected with them.

Given that Angleware Ransomware is similar to other Hidden-Tear ransomware, researchers say that this ransomware might also be distributed using email spam that is send from a dedicated email server. The emails are probably disguised as legitimate and feature this ransomware’s main executable as an attached file. The file may be zipped and contain an executable called mafiaware.exe or AngleWare.exe, but the name can vary. Depending on whether you open or extract it the executable can be dropped on the desktop, in the Downloads folder or the Temp folder.

In summary, Angleware Ransomware is a computer infection that was designed to encrypt your personal files and then demand that you pay a ransom for the decryptor. It can encrypt your personal files but they might not be worth the hefty ransom, so we suggest that you remove this malware using SpyHunter which is our recommended anti-malware solution or the removal guide we have included below.

Removal Guide

  1. Hold down Win+E keys.
  2. Type the following file paths in the address box and press Enter.
    • C:\Users\[User name]\Downloads
    • C:\Users\[Username]\Desktop
    • C:\Windows\Temp
  3. Find either mafiaware.exe or AngleWare.exe
  4. Right-click it and click Delete.
  5. Empty the Recycle Bin.

In non-techie terms:

Angleware Ransomware might infect your PC via malicious email spam and then immediately encrypt many of your personal files for the purpose of extracting money from you. You should not pay the ransom because there is no guarantee that you will get the decryptor. You should consider removing this infection using the guide above or an anti-malware tool.