Antix Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 5
First Seen: December 13, 2016
Last Seen: February 18, 2022
OS(es) Affected: Windows

The Antix Ransomware is a Trojan used in attacks on Windows users that aims to convince them to transfer 0.25 Bitcoin (195 USD/183 EUR) to a wallet address. The initial release of the Antix Ransomware does not support encryption and behaves like the Trojan behind the Black Virus Lockscreen. Researchers noticed the Antix Ransomware in December 2016 and reported that it features screen-locking capabilities. The Antix Ransomware Trojan can be delivered to systems via corrupted documents attached to spam emails and via fake update packages posing as Adobe Reader updates from Adobe Systems Inc.

Spam Emails and Fake Update Packages can Introduce the Antix Ransomware to Your PC

The Antix Ransomware is designed to lock your screen when you log into Windows and demands a payment of 0.25 Bitcoin to restore access to the desktop. The developer of the Antix Ransomware programmed the Trojan to disable the Command Line tool, the Registry, the Task Manager and the MSCONFIG utility. Thus, the user is barred from the tools that could be used to bring down the Antix lock screen and regain control of the desktop. The lock screen used by the Antix Ransomware appears as a white window that lacks caption buttons in the top right corner. The Antix lock screen provides the following message:

'You Have Been Hacked!!!
All your personal files have been encrypted, and your passwords and info have been copied to an offline server. To get your files and passwords back, send "0.25" bitcoin to the bitcoin address below. Failure to pay by March 1st 2017 will result in loss of ALL data and your passwords and info will be leaked to the public.
Google "How to buy bitcoin" or follow the steps below.
1. Click here to open "https://www.coinbase.com/signup"
2. Signup and buy the amount requested below.
3. Send bitcoin to the address below.
4. Wait until Payment is verified.
Once the payment is verified all your data will be decrypted and this program and the offline server will self destruct.
Warning! Any Attempt to get rid of this program or rebooting your machine will result in the loss of all your data and your passwords and info will be posted online!'

The Antix Ransomware is Used to Extort Numerous Users for Thousands of Dollars

At the time of writing, the Antix Ransomware had accumulated nearly 4900 USD for its operators. We do not encourage paying the ransom, even though 0.25 BTC is rather small compared to what the GhostCrypt Ransomware demands. Removing the Antix Ransomware is not too hard: boot into Safe Mode and use a trustworthy anti-malware scanner to find the Antix Trojan and delete it. You might also want to consider installing a backup service and making regular backup images, since the Antix Ransomware can evolve to support encryption.
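
After cleanup, it is worth confirming that the Command Line tool, the Registry, the Task Manager and MSCONFIG are no longer blocked. The read-only PowerShell audit below is an added example, not part of the original write-up. The page does not say how Antix disables these tools, so the policy values, the DisallowRun list and the Image File Execution Options keys checked here are assumptions based on the standard Windows locations for such restrictions.

```powershell
# Added example: read-only audit of registry settings commonly used to block
# recovery tools. Assumption: the mechanism Antix uses is not stated on the page.
$tools = 'cmd.exe', 'regedit.exe', 'taskmgr.exe', 'msconfig.exe'
$findings = @()

# 1. Policy switches for Task Manager, Registry Editor and Command Prompt.
$policies = @(
    @{ Tool = 'Task Manager';    Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Tool = 'Command Prompt';  Key = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)
foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $path  = "$hive\$($p.Key)"
        $value = (Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
        if ($null -ne $value -and $value -ne 0) {
            $findings += [pscustomobject]@{ Tool = $p.Tool; Location = "$path\$($p.Name)"; Data = $value }
        }
    }
}

# 2. Explorer "DisallowRun" list: per-user block list of executable names.
$disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallow) {
    foreach ($prop in (Get-ItemProperty -Path $disallow).PSObject.Properties) {
        if ($tools -contains "$($prop.Value)".ToLower()) {
            $findings += [pscustomobject]@{ Tool = $prop.Value; Location = "$disallow\$($prop.Name)"; Data = $prop.Value }
        }
    }
}

# 3. Image File Execution Options: a "Debugger" value hijacks the launch of the tool.
foreach ($exe in $tools) {
    $ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$exe"
    $dbg  = (Get-ItemProperty -Path $ifeo -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += [pscustomobject]@{ Tool = $exe; Location = "$ifeo\Debugger"; Data = $dbg }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No tool restrictions found in the checked locations.'
}
```

Any row in the output is a leftover restriction to review and reset; HKCU results apply only to the account running the script, so run it as the affected user.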
