
AnonFive Ransomware

By GoldSparrow in Ransomware

The AnonFive Ransomware is an encryption ransomware Trojan. Threats like the AnonFive Ransomware have become quite common since 2015. The AnonFive Ransomware carries out an attack similar to that of most ransomware encryption Trojans: it encrypts the victim's files using a strong encryption method, taking them hostage, and then the victim is asked to pay a large ransom to receive the decryption key necessary to recover the affected files.

The Almost Unbreakable Encryption Used by the AnonFive Ransomware

Malware analysts first detected the AnonFive Ransomware on March 16, 2017. The AnonFive Ransomware belongs to a very large family of ransomware Trojans based on HiddenTear, an open-source ransomware engine that has been responsible for countless ransomware variants since its public release on GitHub. The AnonFive Ransomware is delivered as a product named 'D3vilH0rn' with a copyright note registered to 'AFH-MV'. It is clear that the most common way of distributing the AnonFive Ransomware is through corrupted spam email attachments. These messages may imitate messages sent out by legitimate companies and services, such as social media platforms, and are designed to trick inexperienced computer users into opening the corrupted file attachment. These files contain corrupted scripts that allow con artists to install the AnonFive Ransomware on the victim's computer. Once the AnonFive Ransomware has been installed, it will begin taking over the victim's files.

The AnonFive Ransomware scans the victim's drives in search of files that have certain extensions. The AnonFive Ransomware will encrypt these files using a strong encryption algorithm that combines the AES and RSA encryptions. The AnonFive Ransomware targets numerous file types, ranging from spreadsheets, text documents and databases to audio, video and image files. The purpose of this encryption is to take the victim's data hostage, effectively removing the victim's access to it. The AnonFive Ransomware connects to its Command and Control server, where the decryption key is stored, out of reach of the victims or security software. The files encrypted in the AnonFive Ransomware attack can be identified easily because the extension '.anonfive' will be added to the end of each affected file's name. The AnonFive Ransomware delivers its ransom note in the form of a text note.

How the People Responsible for the AnonFive Ransomware may Profit at Your Expense

The main way in which the AnonFive Ransomware makes money for its creators is through its ransom demands. The AnonFive Ransomware delivers its ransom note in a text file named 'READ_IT.txt'. This file is dropped on the victim's Desktop. The file demands that the victim email a Protonmail email account for information on payment. The AnonFive Ransomware's ransom ranges between 0.1 Bitcoin and 0.5 Bitcoin (approximately $100 to $550 USD at the current exchange rate). PC security researchers strongly advise against paying this ransom. The con artists may ignore the victim or ask for more money after the ransom has been paid.

Recovering from an AnonFive Ransomware Infection

Unfortunately, the encryption method used by the AnonFive Ransomware is quite strong and makes it nearly impossible to recover the files that have been encrypted during the attack. Because of this, PC security researchers strongly advise computer users to restore their files from backups. Having backup copies of all files on an external, offline memory device or the cloud is the best way to ensure that the AnonFive Ransomware is not capable of rendering you completely helpless. File backups are the best protection against ransomware Trojans like the AnonFive Ransomware because they remove all of the attacker's power. The con artists no longer have leverage over the victim, since computer users can recover the files affected in the AnonFive Ransomware attack by restoring them from the backup copy. A reliable security program that is fully up-to-date can ensure that the AnonFive Ransomware does not enter a computer in the first place.
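
Before restoring from backup it helps to know which folders were hit. The following is an added example, not code from this article or its author: a triage script that uses the two indicators named above (the appended '.anonfive' extension and the 'READ_IT.txt' note) to list affected files and the original names they should have after restoration. The function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".anonfive"  # extension the article says is appended
RANSOM_NOTE = "READ_IT.txt"     # note name the article says is dropped

def triage(root):
    """Return ({encrypted_path: original_path}, [ransom_note_paths])."""
    restore, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            low = name.lower()  # Windows names are case-insensitive
            if low == RANSOM_NOTE.lower():
                notes.append(full)
            elif low.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The suffix is appended, so stripping it gives the backup name.
                restore[full] = full.with_name(name[: -len(ENCRYPTED_SUFFIX)])
    return restore, notes

def summarize(root):
    """Return (per-folder encrypted counts, most affected first; note paths)."""
    restore, notes = triage(root)
    counts = {}
    for enc in restore:
        counts[enc.parent] = counts.get(enc.parent, 0) + 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return ranked, notes

def build_sample(root):
    """Create a constructed sample tree of empty files with made-up names."""
    for rel in ["Desktop/READ_IT.txt", "Desktop/budget.xlsx.anonfive",
                "Documents/report.docx.anonfive", "Documents/notes.TXT.ANONFIVE",
                "Documents/untouched.pdf", "Pictures/cat.jpg"]:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        ranked, notes = summarize(tmp)
        for folder, n in ranked:
            print(f"{n:3d} encrypted  {folder}")
        for note in notes:
            print(f"ransom note  {note}")
```

Run against a mounted copy of the affected drive rather than the live system, and compare the resulting original names with the backup catalogue.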
