
Anonpop Ransomware

By GoldSparrow in Ransomware

The Anonpop Ransomware is a ransomware Trojan that, at first glance, looks similar to most encryption ransomware Trojans. However, there seems to be no encryption associated with the Anonpop Ransomware attack. Rather, the Anonpop Ransomware outright deletes its victims' files, as well as wreaking havoc on the infected computer. If the Anonpop Ransomware is installed on your computer, PC security analysts strongly advise computer users to remove it immediately with the help of a reliable, fully up-to-date security program and to avoid paying any ransom associated with the Anonpop Ransomware.

The Anonpop Ransomware Attack can be Neutralized Easily

The Anonpop Ransomware pretends to be an encryption ransomware threat but is closer to a screen locker or a similar ransomware threat. Fortunately, it is possible to recover the files deleted by the Anonpop Ransomware using a Shadow Volume Explorer or other recovery programs after the Anonpop Ransomware has been removed completely. When the Anonpop Ransomware is installed, its attack is simple. The Anonpop Ransomware will delete one file from any of the following paths every time it runs:

%USERPROFILE%\Documents\
%USERPROFILE%\Downloads\
%USERPROFILE%\Pictures\
%USERPROFILE%\Music\
%USERPROFILE%\Videos\
%USERPROFILE%\Contacts\
%USERPROFILE%\Favorites\
%USERPROFILE%\Searches\
C:\Program Files\Google\
C:\Program Files\Windows Defender\
C:\Program Files\Mozilla Firefox\
C:\Program Files\Internet Explorer\
C:\Program Files (x86)\Google\
C:\Program Files (x86)\Internet Explorer\
C:\Program Files (x86)\Mozilla Firefox\
%AppData%\Local\Temp\
%USERPROFILE%\Desktop\
D:\
E:\
F:\
H:\
G:\
I:

The Anonpop Ransomware downloads a JPG image that is displayed on top of the Windows desktop to prevent computer users from accessing their computers. This JPG image contains the Anonpop Ransomware's ransom message, which claims that it is necessary to pay $125 within 24 hours, or $199 after this time has passed, to recover the files. Supposedly, the victim's files will all be deleted after 72 hours. In fact, the files in the paths above will already have been deleted, and the Anonpop Ransomware will be executed every time Windows runs. The Anonpop Ransomware causes Windows to log off automatically after 60 seconds.

How the Anonpop Ransomware may be Delivered to Its Victims' Computers

The Anonpop Ransomware may be distributed using corrupted spam email messages. The email message that has been associated with the Anonpop Ransomware, in particular, claims to be a complaint from the Office of the Attorney General. This email will claim that there was a complaint filed against the victim, with an embedded link leading to the supposed complaint or an attached corrupted PDF file. In fact, the link installs the Anonpop Ransomware on the victim's computer. The following is an example of the email message that has been associated with the Anonpop Ransomware attack:

From: The Office of The Attorney General
Subj: The Office of The Attorney General Complaint
Body:
Dear Business Owner:
A complaint has been filed against your Business. Enclosed is a copy of the complaint which requires your response. You have 10 days to file a rebuttal if you so desire. You may view the complaint at the link below.
complaint376878.pdf
Rebuttals should not exceed 25 pages and may refer to any additional documents or exhibits that are available on request. The Office of The Attorney General cannot render legal advice nor can The Office of The Attorney General represent individuals or intervene on their behalf in any civil or criminal matter. Please review the enclosed complaint. If filing a rebuttal please do so during the specified time frame.
Sincerely,
The Office of The Attorney General
---------------------------------------------------------------------
This document and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email.

When computer users click on the embedded link, a corrupted ZIP file containing a fake PDF file is downloaded. When this PDF is opened, it downloads and installs the Anonpop Ransomware on the victim's computer, carrying out its attack and wreaking havoc on the victim's PC.
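A mail gateway or an analyst can catch this kind of delivery before the archive is opened by checking whether entries that claim to be PDFs really are. The following Python sketch is an added example, not code from this article or from any security product. The article does not say how the fake PDF is disguised, so the checks (executable final extension, MZ header, missing %PDF- header), the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly; a constructed, non-exhaustive list.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs",
             ".wsf", ".lnk", ".bat", ".cmd"}

def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for entries that pose as PDFs but are not."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Windows ignores trailing dots and spaces, so strip them first.
            base = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            if info.is_dir() or ".pdf" not in base:
                continue
            ext = os.path.splitext(base)[1]
            if ext in RISKY_EXT:  # e.g. report.pdf.scr
                findings.append((info.filename, f"PDF-like name ends in {ext}"))
                continue
            if info.flag_bits & 0x1:  # encrypted entry: content cannot be checked
                findings.append((info.filename, "encrypted entry, not inspectable"))
                continue
            with zf.open(info) as fh:
                head = fh.read(1024)
            if head.startswith(b"MZ"):
                findings.append((info.filename, "Windows executable (MZ) header"))
            elif ext == ".pdf" and b"%PDF-" not in head:
                findings.append((info.filename, "no %PDF- header in first 1024 bytes"))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive with harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint.pdf.scr", b"MZ" + b"\x00" * 16)
        zf.writestr("complaint_copy.pdf", b"MZ" + b"\x00" * 16)
        zf.writestr("notes.pdf", b"plain text, no header")
        zf.writestr("real.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in triage_zip(build_sample()):
        print(f"{name}: {reason}")
```

A genuine PDF passes without a finding; any flagged entry should be quarantined and reviewed rather than opened.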
