Ako ransomware is the cryptovirus already releasing two versions that target businesses
Ako ransomware is the new strain of ransom-demanding threats that appear affecting networks of organizations, instead of individual machines as typical ransomware. The malware was spotted when it affected the server of the company and particular desktop devices. It was immediately specified that ransomware is new and not a version of a previously known family. It appears that two almost identical versions appear in the wild.
One of them shows the ransom-demanding message and asks victims to contact criminals via email ([email protected], [email protected]), the other one displays the payment window on the Tor website and asks for the payment immediately. Both versions deliver the file named ako-readme.txt on the system after the encryption that contains the ransom note. The threat also marks encoded data with a random extension made from characters and numbers.
The particular Ako ransomware virus doesn’t resemble any previously discovered threats and cannot be associated with malware from the past. This fact makes it more dangerous, but a few samples released by victims gave the opportunity for researchers to analyze the threat in-depth. After the investigation, it was discovered that malware starts the attack by deleting shadow volume copies, clearing backups, disabling file recovery options, and other security functions. Also, to make matters worse and the file recovery less possible, ransomware is set to create registry entries, alter existing keys, and then start encrypting the chosen data.
|Symptoms||The virus encodes files and makes them useless, so the ransom gets demanded, and developers can make money from the victim. The threat also alters settings, disables functions and installs other programs on the system to control more than encoded data|
|File marker||Ako makes a random character extension unique for each victim|
|Versions||Two separate versions of the threat got discovered from samples released by victims. (Samples 1 and 2) The only difference is that one variant directly redirects to payment site and other offers to contact criminals first|
|Possible relation||It is believed that the Ako virus is resembling MedusaLocker due to similarities in coding, behavior and ransom notes. However, ransomware developers stated that this is their own product not associated with any other threats, so this fact cannot be fully confirmed|
|Ransom note||ako-readme.txt – a file that delivers initial instructions and possible solutions to victims|
|Ransom amount||The amount asked from victims starts with 0.5 Bitcoin but can go up to 1 BTC and even more|
|Targets||Large businesses, networks of organizations and companies|
|Distribution||The threat most likely infects machines through hacked Remote Desktop services or malicious emails and websites filled with malware|
|Contact emails||[email protected], [email protected]|
|Elimination||You need to remove Ako ransomware with anti-malware tools that can detect the threat itself and clean the machine from applications and files associated with the threat|
|Repair||Since ransomware runs on the machine and disables functions, deletes particular files, you need to change a lot of the settings and fix the damage. When the virus is removed, go through the system with a PC repair look like Reimage Reimage Cleaner and make sure that registry entries and system files get recovered and fixed|
Like other cryptocurrency-extortion based threats, Ako virus avoids program files, system data, and application-related files when choosing what to encode. When commonly used data gets encrypted, all files become useless and get marked using the random extension generated to signify which files are affected. Once that is done on the particular machine, the virus performs a scan that shows any devices responding to the network connection, so the whole network can get encrypted.
Ako ransomware places the ransom note on the desktop in the text file named ako-readme.txt that contains URL to the Tor payment site where the ransom payment can get transferred. The page also shows the statement “Your network have been locked” that fully determines the particular target of virus developers -networks.
The said ransom note also has a Personal ID that contains the extension, network configuration settings, encrypted key that is needed for decryption. This ID is required on the Tor site when Ako ransomware victims want to access the payment form and see the particular ransom amount, further instructions. The chat service can also be found these, so the person can submit one file for test decryption.
Ako ransomware ransom message displays the following:
Your network have been locked.
All your files, documents, photos, databases and other important data are encrypted and have the extension: .2Zrl5j
Backups and shadow copies also encrypted or removed. Any third-party software may damage encrypted data but not recover.
From this moment, it will be impossible to use files until they are decrypted.
The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recovery your files.
To get info (decrypt your files) follow this steps:
1) Download and install Tor Browser: https://www.torproject.org/download/
2) Open our website in TOR:xxxx: //kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion/AHXYFYBKTAXNGRZB
3) Paste your ID in form (you can find your ID below)
!! ATTENTION !!
!! Any third – party software may damage encrypted data but not recover.
!! DO NOT MODIFY ENCRYPTED FILES
!! DO NOT CHANGE YOUR ID
!! DO NOT REMOVE YOUR ID.KEY FILE
— BEGIN PERSONAL ID —
*** [556 characters in total]
— END PERSONAL ID —
Ako ransomware uses the AES encryption algorithm and seems to have no flaws in the coding, so decryption is not possible at the time. However, paying is not recommended because cybercriminals cannot be trusted. Many companies that have suffered such infections before, didn’t pay also. If you are related to the company that suffered this attack, rely on professional IT specialist that can recover the network and get rid of the intruder.
Ako ransomware is the cryptovirus that encodes data. The threat has two versions that both encrypt data and demand payment. Ako ransomware creates many issues with your device because threat makes various changes on your system by disabling functions, programs and deleting particular files, or creating entries and adding registry keys. These alterations make the removal process difficult because malicious code runs on the machine without interruption and some security functions cannot work properly to detect the threat.
To reverse those changes that Ako cryptovirus have already made on the system, you should rely on the proper antivirus program that can safely delete registry entries, recover affected ones, repair system files, and settings. If you try to make those changes yourself, functions and settings can get damaged further and possibly get unrepairable. Automatic cleaners like Reimage Reimage Cleaner , or PC repair tools, system optimizers can do that for you and without causing additional issues.
Even though ransomware creators stated that their target networks only, you as an individual user can also experience such infection on the machine. As for Ako ransomware removal or data recovery, individual machines and networks need to be cleaned from all the traces of the virus before any file restoring.
You can try to remove Ako ransomware with anti-malware tools and run the scan on the network, machine, or particular device to find the virus-related files and malicious programs. After this, data backups are the best option for such encoded data and possibly damaged files. You can find a few more options for file recovery below.
Ako ransomware – malware that demands at least 0.479 in Bitcoin for alleged file recovery.
Malicious ways of entering the system
Hackers target valuable information that can be accessed by entering the system with the help of devices and tools. When the system is not properly secured, and vulnerabilities allow breaking through the protection, there are bigger chances that machine gets affected by malware like ransomware.
Breaking in the vulnerable network, server, or device becomes easy when RDP hacking gets used. It is a common technique used by attackers. Another method used by ransomware developers is payload droppers included on malicious sites or attached as files to emails.
When you receive any suspicious email, pay close attention to important details like the sender, attachments, and typos, or grammar mistakes. Malicious actors pose as companies or services to make people less suspicious. Also, keep the system secured and up-to-date by using system tools, security software, and patch needed flaws more often.
Get rid of Ako ransomware virus from the system
You need to note that the Ako ransomware virus is dangerous and can make other changes on your device besides directly affecting those files during encryption. Many system folders, essential files, and crucial program-related data get directly affected by the threat, so you cannot reverse those setting changes.
You need to remove Ako ransomware completely from the machine, including planted malicious files, installed programs, and other malware that keeps the cryptovirus persistent. This is achievable if you go for proper anti-malware tools and scan the machine fully.
Such Ako ransomware removal method allows detecting all traces and cleaning the machine from the virus. You should note that all those system changes require attention too. Rely on Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner, or Malwarebytes and check the machine for any ransomware traces and virus damage. Then go through methods below that show how to restore files.
Remove Ako using Safe Mode with Networking
Reboot the machine in Safe Mode with Networking so you can eliminate Ako ransomware fully
- Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Ako removal.
If your ransomware is blocking Safe Mode with Networking, try further method.
Remove Ako using System Restore
Ako ransomware termination can be achieved with System Restore feature that allows recovering the machine in a previous state
Bonus: Recover your data
Guide which is presented above is supposed to help you remove Ako from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files are encrypted by Ako, you can use several methods to restore them:
Recover your files after Ako ransomware encryption using Data Recovery Pro
You can restore encoded data with tools like Data Recovery Pro
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Ako ransomware;
- Restore them.
Windows Previous Versions can help you with encrypted files
When you enable System Restore, Windows Previous Versions can be used to restore Ako virus-encoded data
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
ShadowExplorer is the possible method for encrypted data
You can use this method when Shadow Volume Copies are not affected by the ransomware
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
Ako ransomware is not decryptable yet
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Ako and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes