
ANAMI Ransomware

By GoldSparrow in Ransomware

The ANAMI Ransomware is an encryption ransomware Trojan that was first observed on February 10, 2019, and carries out a typical version of the encryption ransomware tactic. The ANAMI Ransomware is a variant of the Globe Imposter 2.0 Ransomware, a large family of ransomware threats that has been active for some time. Like most encryption ransomware Trojans, the ANAMI Ransomware takes the victims' files hostage and then demands a ransom payment in exchange for restoring the compromised data.

How the ANAMI Ransomware Works

The ANAMI Ransomware, like most threats of this kind, uses a strong encryption algorithm to make the victim's files inaccessible. The decryption key is stored on the ANAMI Ransomware's Command and Control servers, out of the reach of the victims and PC security providers. The ANAMI Ransomware attack is easy to spot because the ANAMI Ransomware adds the file extension '.ANAMI' to each affected file, and the files it compromises become completely unusable. The ANAMI Ransomware targets user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The ANAMI Ransomware's Ransom Note

The ANAMI Ransomware delivers a ransom note in the form of an HTML file named 'how_to_back_files.html,' which loads the following message onto the victim's Web browser:

'Your personal ID
[random characters]
YOUR FILES ARE ENCRYPTED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
To recover data you need decryptor.
To get the decryptor you should:
Send 1 test image or text file to reverso@qq.com or reverso@cock.li
In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files
After we send you instructions how to pay for decryption and after payment you will receive a decryptor and instructions. We can decrypt one file in quality the evidence that we have the decoder.
Attention!
Only reverso@qq.com can decrypt your files
Do not trust anyone reverso@qq.com
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key'

The criminals have linked two email addresses to the ANAMI Ransomware:

'reverso@qq.com'
'reverso@cock.li'

However, computer users should neither contact these email addresses nor follow the instructions in the ANAMI Ransomware's ransom note. Doing this may expose computer users to additional hoaxes. Instead, they should take defensive steps to ensure that their data is safe from threats like the ANAMI Ransomware. The best protection against the ANAMI Ransomware is to have file backups, since restoring from them is a quick and safe way to recover the compromised data.
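The two on-disk indicators described above, the '.ANAMI' extension and the 'how_to_back_files.html' note, are enough to triage which folders were hit and what needs restoring from backup. The script below is an added example, not part of the original article; its function and field names are illustrative, and the case-insensitive matching is an assumption.

```python
"""Triage a directory tree for the ANAMI indicators named in this article."""
import os
import sys
from collections import Counter

ENCRYPTED_SUFFIX = ".anami"                  # '.ANAMI' is appended to each affected file
RANSOM_NOTE_NAME = "how_to_back_files.html"  # ransom note file name from the article


def scan_for_anami(root):
    """Return {directory: details} for every directory showing an indicator."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        encrypted, notes, intact = [], [], 0
        for name in filenames:
            lower = name.lower()  # assumption: match regardless of letter case
            if lower == RANSOM_NOTE_NAME:
                notes.append(name)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(lower) > len(ENCRYPTED_SUFFIX):
                encrypted.append(name)
            else:
                intact += 1
        if encrypted or notes:
            # Strip the appended suffix to see which original file types were hit.
            exts = Counter(
                os.path.splitext(n[: -len(ENCRYPTED_SUFFIX)])[1].lower() or "(none)"
                for n in encrypted)
            report[dirpath] = {
                "encrypted": sorted(encrypted),
                "ransom_notes": notes,
                "intact": intact,
                "original_extensions": dict(exts),
            }
    return report


def summarize(report):
    """Return (affected_dirs, encrypted_file_count, ransom_note_count)."""
    return (len(report),
            sum(len(d["encrypted"]) for d in report.values()),
            sum(len(d["ransom_notes"]) for d in report.values()))


if __name__ == "__main__":
    result = scan_for_anami(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, info in sorted(result.items()):
        print(f"{path}: {len(info['encrypted'])} encrypted, {info['intact']} intact")
    print("dirs=%d encrypted=%d notes=%d" % summarize(result))
```

The per-directory `original_extensions` count shows which file types to prioritize when restoring from backup.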
