APT Ransomware v2.0

APT Ransomware v2.0 targets Windows OS and is distributed via third-party toolbars, free software, files downloaded through P2P networks and torrents, and spam emails containing malicious links and attachments. Once installed, APT Ransomware v2.0 searches local and mounted network drives for files, encrypts them using RSA-4096, and appends .dll to the file names. It also creates a ransom note named DECRYPT_YOUR_FILES.HTML and places it into each folder that contains encrypted files. APT Ransomware v2.0 maintains persistence by modifying the registry and disables Windows Automatic Repair. The ransom demand is 1 Bitcoin.
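The two file-level indicators above (the ransom note name and the appended .dll extension) can be used to scope which folders on a volume were touched. The following Python is an added example, not part of the original profile or any NJCCIC tooling; the function names, the "MZ" header test used to tell renamed files from genuine DLLs, and the sample tree are assumptions constructed for this example.

```python
import os
import tempfile

RANSOM_NOTE = "decrypt_your_files.html"  # note name from the profile, lowercased
APPENDED_EXT = ".dll"                    # extension the profile says is appended

def looks_like_pe(path):
    """True if the file starts with the 'MZ' magic of a real PE image.
    Unreadable files also return True so they are skipped, not flagged."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True

def triage(root):
    """Map each affected directory to its ransom-note flag and suspect files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == RANSOM_NOTE for f in files)
        # Assumption: a file named *.dll without a PE header is not a real DLL.
        suspect = sorted(
            f for f in files
            if f.lower().endswith(APPENDED_EXT)
            and not looks_like_pe(os.path.join(dirpath, f))
        )
        if note or suspect:
            findings[dirpath] = {"note": note, "suspect": suspect}
    return findings

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one genuine DLL, one clean file."""
    samples = {
        ("docs", "report.docx.dll"): b"\x8f\x12\xa4\x07constructed-ciphertext",
        ("docs", "DECRYPT_YOUR_FILES.HTML"): b"<html>constructed note</html>",
        ("bin", "real.dll"): b"MZ\x90\x00constructed-pe-stub",
        ("clean", "notes.txt"): b"plain text",
    }
    for (folder, name), data in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, hit in triage(tmp).items():
            print(folder, hit)
```

Run `triage()` against a read-only mount or forensic copy of the affected drive; folders that hold the note but no suspect files are still worth reviewing.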


  • Sensors Tech Forum provides more information on APT Ransomware v2.0 here.

  • The NJCCIC is not aware of any free decryption tools available for APT Ransomware v2.0.