Banner image
Ransomware | 07/04/2019

Armageddon Ransomware | How To Remove It From Your System

About: Worried because of the Armageddon ransomware? Don’t worry the removal steps in this guide will relieve you of its drastic damage

| Ransomware | Armageddon Ransomware | How To Remove It From Your System

Armageddon Ransomware-


Armageddon Ransomware Image


Armageddon Ransomware is a ransomware that has attacked the digital world recently and continues to extort money from innocent people with less knowledge on computers. It is a highly risky infection which was first spotted by S!Ri (siri_urz), a twitter user. Upon its penetration into the System, it encrypts most of the files in the user’s computer system by using the RSA-2048 Encryption Algorithm. Though it does not change the file extensions still the data is encrypted and a pop-up message is displayed seeking the ransom amount to be paid.

For gaining the ransomware encryption, the victims have to buy a decryption key from the developers of that malware. The decryption key for every encryption is different. This makes it hard to decrypt every time it attacks. So, the only way to free your computer is to uninstall Armageddon ransomware.


Encryption Algorithm

It uses RSA-2048. This encryption algorithm is asymmetric, so, it is difficult to decrypt it. The algorithm has a tendency to generate two decryption keys; private and public. The keys are stored in a secured server. This server is controlled by the developers who make sure that the server is difficult to locate or hack. All this camouflage makes it easier for the developers to blackmail the victims.


Armageddon ransomware ransom note


The ransom is around EURO 100 that too has to be made in BTC (Bitcoins- a digital currency). Paying the ransom is not a solution as the victims might be scammed. The developers start ignoring victims after the ransom has been paid.

It is evident as of now, that the RSA cryptography can’t be decrypted by any tool. But, Don’t Worry! We are here to help you, to eliminate Armageddon ransomware.


Threat Summary


Name Armageddon
Type Malware
Category Ransomware, crypto-virus
Operating System Windows
Encryption Algorithm RSA-2048
Infection File encryption


Threat Behavior

Armageddon ransomware encryption resembles many other ransomware that prevailed in the past decade. Each of the ransomware is designed to encrypt the files of your system. This encryption is done using AES or RAS cryptography usually. So recovering the files is impossible. The means via which it usually enters your system can be spam mails, locker apps, third-party cracked versions of software and updates.

After penetrating your system it encrypts your files using RSA cryptography. This encryption bars the user from opening his/her files. This encryption can be unlocked only with the help of the developers. This can be deduced after reading the message that pops up on your window every time you try to open an encrypted file. The message also mentions a ransom amount of EURO 100 to be paid to the developers by way of BTC (Bitcoins).


 How did it infect your PC?

Distribution Techniques-

This type of encryption ransomware attacks the system as soon it gets a safe passage to your computer. This passage is the download and installations of third-party software, spam mails, fake software updates, malicious web-pages and many other sources. All these techniques exhibit same behavior somehow. By the moment you click on or download any of the infections means listed above, a process will run in the background. The background process involves the cryptographic encryptions that modify the set of programs and encrypt your system-files.


How to remove ransomware?

Steps to remove the crypto-virus are as follows:


To restart the system to Safe Mode with Networking,  if already switched ON then follow the below steps:

Windows 7/ Vista/ XP

  1. Click on Windows icon present in the lower left corner of the computer screen.
  2. Select and click  Restart.
  3. When the screen goes blank, Keep tapping  F8  Key until you see the Advanced Boot Options window.
  4. With the help of arrow keys on keyboard, Select Safe Mode with Networking  option from the list and press the Enter Key. The system will then restart to Safe Mode with Networking.

5 Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift Key and simultaneously click on the windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears which is the first screen to appear after restart, select and click on Enable Safe Mode with Networking. The system will then restart to Safe Mode with Networking.
  5. Click on the username and enter the password.


  1. Type “Regedit” in search box / Run Box, select it and press Enter.
  2. An authorization dialog box will appear, then you just have to click “Yes”. (The dialog box appearance may vary depending on OS used. For Windows 10 the the dialog box looks like the first screenshot and for windows 7 it appears like the second screenshot)
  3. In the registry editor, take the backup of the current registry settings before making any changes in case you want to revert to old settings later. For this, Click on File option in the menu and select Export. Save the entry at a known location.
  4. From the Menu, Click Edit and Select Find.
  5. Enter Armageddon ransomware and click Ok in the search box.
  6. Select and delete suspicious  enteries.


Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.

After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:

  1. Type the command “sc delete Armageddon” in the command prompt and press Enter.
  2. Type “exit” to exit the command prompt and restart the system in safe mode with command prompt.



Restore your system files and settings

Method 1 using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right. Select the Large Icon option
  4. In the control Panel window click on the ‘Recovery Icon’. This will open a window that will ask ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open system restore’ button. This will open the ‘system restore ’window where you need to click on the Next Button.
  6.  Select the restore point that is prior the infiltration of Armageddon ransomware After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on Finish button. This will restore your system to a previous restore point before your system was infected by Armageddon Ransomware


Method 2 using Command Prompt

  1. Type cmd in the search box and click on the command prompt to open the Command Prompt window. box and clicking on it.
  2. Once the Command Prompt window shows up, enter cd restore and click Enter.(Ensure that you in the system32 directory of Windows folder in C Drive)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select your restore point that is prior the infiltration of Armageddon ransomware. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on Finish button. This will restore your system to a previous restore point before your system was infected by Armageddon ransomware



Method 3 : Directly type 'rstrui' in the search box

  1. Type ‘Rstrui’ in the search box present on the task bar. This will open the System restore dialog box.

Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.


How to prevent your system from getting infected?

To prevent your system from getting infected you need to keep some simple instructions in mind and if possible, follow them on a regular basis.

  • You must keep your operating system updated so that the hackers can’t infect it easily. Older operating systems are easy to target and penetrate.
  • Keep a backup of your important files and maintain it regularly in an external Hard Drive or on cloud. Keeping a data-backup will help you to restore your system anytime to original settings and then you can retrieve your data.
  • Avoid clicking on spam mails, fake updates etc. as these might provide a passage to ransomware. You must also avoid downloading third-party software or cracked versions.
  • You must purchase a good Antivirus that will help you to protect your PC from such threats. To protect your system there are many anti-virus software like Hitman Pro and Vipre that not only stops the ransomware from infecting your computer whereas it also stops it from even entering the codes of your system.

Keep the applications and software on your PC updated in order to avoid any attacks. As the versions that are old are easily hack-able while the updated version are acquainted with programs that allows it to ignore potential threats on its own.

Hits: 156

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Rajasthan 302033
Phone: +91 9799661866