Ako Ransomware

What is Ako Ransomware?

Our Anti-Spyware-101.com research team is warning Windows users about Ako Ransomware, a malicious file-encrypting threat that was created to corrupt your personal files. The infection does not encrypt exe, .dll, .sys, .ini, and .key files, and it also avoids everything in folders with strings Program Files, Program Files (x86), AppData, boot, PerfLogs, ProgramData, Google, Intel, Microsoft, Application Data, Tor Browser, or Windows in their names. However, it can encrypt ALL personal files if it manages to slither in. What is the purpose of that? Normally, people encrypt files to protect them. Cybercriminals encrypt files to lock out their owners, and that should give them leverage when demanding a payout. Ultimately, the attackers hijack your personal files to make you give up your money. This is why we classify this threat as a “ransomware” – because it is malicious software that demands a ransom. Can you delete Ako Ransomware to get things back to normal? The removal of the infection is very important, but your personal files will not be restored if you eliminate the infection.

How does Ako Ransomware work?

Our research team has a lot of experience with ransomware, and we can reveal that Ako Ransomware is not much unlike BitPyLock Ransomware, 5ss5c Ransomware, C0hen Locker Ransomware, or any other threat from the same category. Even though they are likely to be created by different parties, most of them are spread in the same ways. Most popularly, cybercriminals employ misleading spam email messages to trick victims into opening unreliable file attachments. Whether it is a PDF, a DOC, a ZIP, or a JPG file, if it is sent to you by someone you do not know, you have to think long and hard before opening it. If you are not cautious, you might not even notice when Ako Ransomware slithers in, and if you do not have reliable security software to protect your system and remove malware before it is executed, the attack begins immediately. The threat quickly deletes shadow volumes to ensure that you cannot restore files using internal backups, and it also encrypts all personal files. To mark them, the infection attaches a unique extension made up of random characters. This extension is also introduced to you via “ako-readme.txt and “do_not_remove_ako.{extension}_id.key” files created by the ransomware.

The key file is placed next to the text file, and the latter one should be found in every folder containing the corrupted files. What is the purpose of this file? It is to deliver a message with the ransom demands. The message instructs to download the Tor Browser and visit a unique .onion website to learn more about the ransom. You cannot visit the website without the anonymous Tor Browser, and when you do, you are informed that you need the “{number}-Decryptor” if you want to restore files. To get it, you are supposed to pay a ransom, and when we were faced with the demand, a ransom of 1.688 Bitcoin was requested. This is not a small number at all. In fact, that converted to around 15,000 US Dollars. Isolated Windows users cannot be targeted by Ako Ransomware because that is not the kind of sum that they could pay. Most likely, the infection was created to encrypt files found on the computers that belong to companies. The ransom note also suggests that modifying the encrypted files or removing the ID key file would be a mistake. In fact, it is unlikely that you can get a decryptor regardless of what you do or do not do.

How to delete Ako Ransomware

Before you decide how to remove Ako Ransomware from your operating system, you want to be sure about what is going to happen with your files. You need to understand that your files will not be recoverable, but of course, even if you fulfill the demands of the attackers, you are unlikely to restore them anyway. If you have backups, you can use them after you delete Ako Ransomware. Some victims might decide to delete this infection manually. Unfortunately, we cannot help much with that because the location of the .exe file is unknown. However, if you use an anti-malware program, every single component of this threat will be erased automatically. Beyond that, your system’s protection will be restored too, and so we strongly recommend taking this route when it comes to the removal.

Removal Guide

1. Locate the executable that launched the infection.
2. Right-click the malicious file and select Delete.
3. Right-click and Delete the files named do_not_remove_ako.{extension} _id.key and ako-readme.txt.
4. Empty Recycle Bin and immediately employ a malware scanner to check for leftovers. Download Removal Tool100% FREE spyware scan and
   tested removal of Ako Ransomware*