Remove Angry Duck Ransomware and Restore .adk Files

How to Remove Angry Duck Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

*** ANGRY DUCK ***
All your important files have been encrypted using very string cryptography (AES-512 with RSA-64 FIPS grade encryption)
To recover your files send 10 BTC to my private wallet.

So what is Angry Duck? You probably never thought you’d ask this question. And yet, here we are. The Angry Duck Ransomware is one of the newest file-encrypting programs online. It was discovered just a couple of days ago but it’s already causing worldwide trouble. Therefore, this infection must be tackled as soon as possible. It uses the rather rare AES-512 and RSA-64 FIPS encrypting algorithm. As a result, the ransomware modifies all your personal data. Anything from pictures and music to documents and presentations falls victim to this pest. You no longer have access to your own personal information. It goes without saying there might be some immensely important, valuable files on board. The ransomware doesn’t take into consideration your opinions. Angry Duck adds the .adk extension to the target data. As mentioned, the target data includes pretty much all existing file formats. This is what makes ransomware so dreaded – it holds your information hostage. By utilizing a strong encrypting cipher, Angry Duck renames your files. Instead of their original extension, they now have the malicious .adk one. You’re unable to use ANY of your favorite, precious files. And that’s not even the end of that story. The ransomware also replaces your desktop wallpaper with a picture of an angry duck. If you’re a fan of 9gag, you will immediately recognize the popular meme. However, there’s nothing to laugh about right now.  Your brand new PC wallpaper also contains a short ransom message. According to this note, you have to pay 10 Bitcoin to free your files. Do you know how much money that is? At the moment, 10 Bitcoin equals over 6500 dollars. Now it’s your turn to get angry. Most ransomware-type parasites we come across are a lot more humble when it comes to the ransom. The Angry Duck Ransomware, on the other hand, doesn’t mess around. Crooks are impudent enough to demand a small fortune. The question is, are you going to comply? Even though hackers promise a decryptor, this is a highly questionable bargain. The parasite’s developers are going after your money so your data is no priority. You see, ransomware is nothing but a clever online fraud that you must avoid at all cost. Don’t let crooks scam you and don’t be naive. You could restore your files without paying cyber criminals a single cent. Keep your Bitcoins and keep on reading.

How did I get infected with?

It’s safe to say you didn’t download Angry Duck on purpose. Not many people in the right state of mind would install ransomware voluntarily. Hence, the parasite must have sneaked onto your machine in silence. The most plausible scenario is that this pest was sent straight to your inbox. Take spam emails and messages, for instance. They might turn out to be extremely harmful. That is why you should always be careful online. One single careless click on the wrong email could potentially set free a virus. Delete what you don’t trust and keep your computer infection-free. In order to prevent malware infiltration, you have to be cautious. Avoid illegitimate torrents/websites/software bundles. Also, ransomware could pretend to be a harmless program update. To top it all, these infections also get spread online with the help of Trojans sometimes. Check out the device for more parasites because Angry Duck may not be the only unwanted intruder.

remove Angry Duck

Why is Angry Duck dangerous?

This parasite is indeed very weird. After all, its ransom message involves a picture of a somewhat upset duck. It’s difficult to take such a program seriously. As mentioned, though, you’re dealing with a classic member of the ransomware family. And, ransomware is a particularly nasty, destructive and aggressive type of virus. Just like Locky, Cerber, Exotic, Enigma, this program is harmful. It uses an asymmetric encrypting cipher to lock your private data. Furthermore, it asks for a hefty sum of money afterwards. The ransom note itself is quite simple. According to this message, you have to make a deal with hackers. Ransomware is attempting to blackmail you so make no mistake. Giving your Bitcoins away is not an option and you know it. Ignore this program’s empty promises and fake threats. Uninstall the virus instead. Its ransom message ends with the words: “DON’T MESS WITH THE DUCKS”. However, you shouldn’t let hackers mess with you. To delete the Angry Duck Ransomware manually, please follow our removal guide down below.

Angry Duck Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Angry Duck Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Angry Duck encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Angry Duck encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment