ApocalypseVM ransomware decrypter released

AV company Emsisoft has added yet another ransomware decrypter tool to its stable: a decrypter for ApocalypseVM.

The tool works on the latest versions of the ransomware in question.

“To use the decrypter you will require an encrypted file of at least 4096 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable,” the company explains.

The tool compares the two files and, if it can, comes up with the key required to decrypt the files.

The victim can then decide to use it on one, some, or all encrypted files. The tool selects the C: partition of the disk by default, but victims can choose other partitions or files to be decrypted.

Emsisoft recommends testing the key first on a few files, then to proceed decrypting the rest if everything goes well with the test.

How do you know you’ve been hit with ApocalypseVM ransomware?

“Use this decrypter if your files have been encrypted and renamed to *.encrypted or *.locked with ransom notes named *.How_To_Decrypt.txt, *.README.txt or *.How_To_Get_Back.txt created for each encrypted file,” Emsisoft explains.

“The ransom note asks you to contact ‘decryptionservice@inbox.ru’ or ‘decryptdata@inbox.ru’ and contains a personal ID.”