AnimusLocker Ransomware

By GoldSparrow in Ransomware

The AnimusLocker Ransomware is an encryption ransomware Trojan that was first observed on July 2, 2018. It is designed to take victims' files hostage and is installed after the victim opens a corrupted text document whose embedded macros download and install the AnimusLocker Ransomware. This document is delivered to the victim through spam email messages, or it may be downloaded from the Internet. There is very little to differentiate the AnimusLocker Ransomware from the many other encryption ransomware Trojans currently being used to attack computer users.

The Animosity Present on the AnimusLocker Ransomware Attack

The AnimusLocker Ransomware seems to be related to the Aurora Ransomware, a ransomware variant released earlier in 2018. The AnimusLocker Ransomware may belong to a larger family of ransomware, since there are several other variants of this threat. Like most encryption ransomware Trojans, the AnimusLocker Ransomware uses AES encryption to encrypt user-generated files, making them inaccessible. Examples of the file types that threats like the AnimusLocker Ransomware target in their attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The AnimusLocker Ransomware will add the file extension '.animus' to all files encrypted by the attack, making it simple to know which content has been compromised by the AnimusLocker Ransomware.

The AnimusLocker Ransomware's Ransom Note

After encrypting the victim's files and taking them hostage, the AnimusLocker Ransomware delivers a ransom note demanding a ransom payment in exchange for a decryption application. It drops several versions of the same ransom note on the infected computer's desktop, in files named 'ANIMUS_RESTORE.txt,' 'ANIMUS_RESTORE2.txt,' and 'ANIMUS_RESTORE3.txt.' The content of the AnimusLocker Ransomware's ransom notes is:

'<><><># animus locker #<><><>
SORRY! Your files are encrypted.
File contents are encrypted with random key.
Random key is encrypted with RSA public key (2048 bit),
We strongly RECOMMEND you not to use any "decryption tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price,
If you want to decrypt your files, you have to get RSA private key.
In order to get private key, write here:
j0ra@protonmail.com
########
!ATTENTION!
Attach file is 000000000.key from %appdata% to email message,
Without it we will not be able to decrypt your files
########
And pay 100$ on 1G5TThb5tcJ3LQbF4C4Tibgd9y7m3iYPFH wallet
If someone else offers you files restoring, ask him for test decryption,
Only we can successfully decrypt your files; knowing this can protect you from fraud.
You will receive instructions of what to do next.
<><><># animus locker #<><><>'

The AnimusLocker Ransomware is capable of running offline. In these cases, the AnimusLocker Ransomware will not upload the encryption key to its Command and Control servers and, instead, it will save it to an encrypted file named '000000000.key' on the victim's computer. Victims of the AnimusLocker Ransomware attack are instructed to attach this file to an email that they will send to the AnimusLocker Ransomware's controllers.
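The artifacts named above (the '.animus' extension, the 'ANIMUS_RESTORE*.txt' notes and the '000000000.key' file) are enough to scope an affected host during triage. The following Python sketch is an added example, not part of the original article: it walks a directory tree, lists those artifacts and tallies which original file types were hit. The function names and the sample tree are constructed for illustration, and it assumes '.animus' is appended to the original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text; everything else here is hypothetical.
ENCRYPTED_SUFFIX = ".animus"
NOTE_NAMES = {"animus_restore.txt", "animus_restore2.txt", "animus_restore3.txt"}
KEY_FILE_NAME = "000000000.key"


def triage(root):
    """Walk `root` and collect the AnimusLocker artifacts the article describes."""
    report = {"encrypted": [], "notes": [], "key_files": [], "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower in NOTE_NAMES:
                report["notes"].append(path)
            elif lower == KEY_FILE_NAME:
                # Preserve as evidence: per the article it holds the encrypted key.
                report["key_files"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
                # "budget.xlsx.animus" -> ".xlsx": shows which data types were hit.
                original = Path(name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower()
                report["original_types"][original or "(none)"] += 1
    return report


def build_constructed_sample(root):
    """Create a constructed post-infection tree of dummy files for the demo."""
    root = Path(root)
    (root / "Desktop").mkdir(parents=True)
    (root / "AppData" / "Roaming").mkdir(parents=True)
    (root / "Documents").mkdir()
    for rel in ("Desktop/ANIMUS_RESTORE.txt", "Desktop/ANIMUS_RESTORE2.txt",
                "AppData/Roaming/000000000.key", "Documents/budget.xlsx.animus",
                "Documents/notes.txt.animus", "Documents/photo.JPG.animus",
                "Documents/untouched.pdf"):
        (root / rel).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_constructed_sample(tmp))
        print(len(result["encrypted"]), "encrypted files")
        print("notes:", sorted(p.name for p in result["notes"]))
        print("key files:", [p.name for p in result["key_files"]])
        print("original types:", dict(result["original_types"]))
```

On a real host, point `triage()` at a read-only mount or forensic image of the user profile rather than the live system, so the key file and notes are not altered.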