Anubi NotBTCWare Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: August 21, 2017
OS(es) Affected: Windows

The Anubi NotBTCWare Ransomware Trojan is a variant of BTCWare. It behaves like other BTCWare variants and marks the files that it encrypts with the file extension '.anubi.' Like many other encryption ransomware Trojans, the Anubi NotBTCWare Ransomware is delivered to victims through corrupted Microsoft Word files containing a macro script that downloads and installs the Anubi NotBTCWare Ransomware onto the victim's computer. Some variants of the Anubi NotBTCWare Ransomware also include an email address in the file extension, adding the string '[anubi@cock.li].anubi' to the end of each affected file.

The Favored Targets of the Anubi NotBTCWare Ransomware are the User-Generated Files

The Anubi NotBTCWare Ransomware was first observed on August 15, 2017. The Anubi NotBTCWare Ransomware will affect the files on all local drives not protected with a password, including external memory devices connected to the infected computer and network shared directories. The Anubi NotBTCWare Ransomware will scan the affected computer for various file types, using a strong encryption method to encrypt any files it finds. The Anubi NotBTCWare Ransomware targets user-generated files, such as photos, videos, audio, spreadsheets, texts and, especially, databases, as well as files that are commonly associated with popular software such as Microsoft Office, Libre Office, Adobe Acrobat, Adobe Photoshop, and numerous others. Once the Anubi NotBTCWare Ransomware encrypts the files, they are no longer recoverable without the decryption key, which the con artists hold in their possession.

The Anubi NotBTCWare Ransomware’s Ransom Demands

Once the Anubi NotBTCWare Ransomware has encrypted the victim's files, it will deliver a ransom notification to the victim's computer. This notification takes the form of a text file named '__READ_ME_.txt,' dropped on the infected computer's desktop. The file explains what has happened, includes information on how to pay the ransom, and offers to decrypt three small files for free. The ransom note delivered by the Anubi NotBTCWare Ransomware attack reads:

'[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: anubi@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
hxxps://localbitcoins.com/buy_bitcoins
hxxps://paxful.com/buy-bitcoin
hxxps://bitcointalk.org/
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID: [RANDOM CHARACTERS]'

PC security researchers strongly advise computer users to ignore the text of the Anubi NotBTCWare Ransomware ransom note. The people responsible for the Anubi NotBTCWare Ransomware attack cannot be trusted to deliver the decryption key necessary to recover the affected files. Instead, PC security researchers strongly advise computer users to protect their data using an effective file backup system, so that victims of the Anubi NotBTCWare Ransomware attack can recover the compromised files by copying them from the backup. Apart from file backups, they also advise using a reliable security program that is fully up-to-date to intercept threats like the Anubi NotBTCWare Ransomware before they manage to take over a computer. Since threats like the Anubi NotBTCWare Ransomware may be delivered using spam email attachments, learning to handle such attachments appropriately is also necessary for preventing these attacks.

File System Details

Anubi NotBTCWare Ransomware may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | locker.exe | 418da7a795c80e45775f822098e1e85b | 1 |
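
The indicators named in this article (the '.anubi' extension with or without the bracketed e-mail tag, the '__READ_ME_.txt' note, and the MD5 listed for locker.exe) can be checked with a short triage script. This is an added example, not part of the original article or of any vendor tool; the function names, the case-insensitive matching, and the optional dot before the bracketed tag are assumptions.

```python
import hashlib
import os
import re
import sys

# Indicators taken from the article above; the matching rules are assumptions.
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+?)(?:\.?\[[^\]]+\])?\.anubi$", re.IGNORECASE)
RANSOM_NOTE = "__read_me_.txt"
LOCKER_MD5 = "418da7a795c80e45775f822098e1e85b"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root):
    """Walk root and return paths grouped by the indicator they match."""
    hits = {"encrypted": [], "ransom_note": [], "locker_md5": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if ENCRYPTED_RE.match(name):
                hits["encrypted"].append(path)
            elif name.lower() == RANSOM_NOTE:
                hits["ransom_note"].append(path)
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(path) == LOCKER_MD5:
                        hits["locker_md5"].append(path)
                except OSError:  # locked or permission-denied files are reported
                    hits["unreadable"].append(path)
    return hits


def original_name(encrypted_name):
    """Strip the appended marker to get the name to look for in a backup."""
    match = ENCRYPTED_RE.match(encrypted_name)
    return match.group("orig") if match else None


if __name__ == "__main__":
    for kind, paths in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for path in paths:
            print(f"{kind}\t{path}")
```

The list returned under "encrypted", passed through original_name(), gives the set of file names to restore from backup.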
