aptlock

Aptlock surfaced in early 2025 and is characterized by a single-extortion model combined with threats of data leakage. The ransomware encrypts files on Windows systems, appending the extension .aptlock, and then changes the victim’s desktop wallpaper. Victims receive a ransom note named read_me_to_access.txt informing them that their critical company data has been exfiltrated and will be deleted or leaked if they don’t act. They are given 72 hours to initiate contact via Tor-based chat access (using credentials provided in the note), with further warnings issued if no engagement occurs within 5 days. Specific details about intrusion vectors, encryption algorithms used, or known affiliate operators remain undisclosed in public threat intelligence. No reliable evidence links Aptlock to Ransomware-as-a-Service operations or lists any known affiliates.