Anubi NotBTCWare Ransomware
Threat Scorecard
Metric | Value
---|---
Threat Level | 100 % (High)
Infected Computers | 1
First Seen | August 21, 2017
OS(es) Affected | Windows
The Anubi NotBTCWare Ransomware Trojan is a variant of BTCWare. It behaves like other BTCWare variants and marks the files that it encrypts with the file extension '.anubi'. Like many other encryption ransomware Trojans, it is delivered to victims through corrupted Microsoft Word files carrying a macro script that downloads and installs the Anubi NotBTCWare Ransomware onto the victim's computer. Some variants also include an email address in the extension, appending the string '[anubi@cock.li].anubi' to the name of each affected file.
The Favored Targets of the Anubi NotBTCWare Ransomware are the User-Generated Files
The Anubi NotBTCWare Ransomware was first observed on August 15, 2017. It affects the files on all local drives not protected with a password, including external memory devices connected to the infected computer and network shared directories. The Anubi NotBTCWare Ransomware scans the affected computer for various file types and uses a strong encryption method to encrypt any files it finds. It targets user-generated files such as photos, videos, audio, spreadsheets, texts and especially databases, as well as files commonly associated with popular software such as Microsoft Office, Libre Office, Adobe Acrobat, Adobe Photoshop, and numerous others. Once the Anubi NotBTCWare Ransomware encrypts the files, they are no longer recoverable without the decryption key, which the con artists hold in their possession.
The Anubi NotBTCWare Ransomware’s Ransom Demands
Once the Anubi NotBTCWare Ransomware has encrypted the victim's files, it delivers a ransom notification to the victim's computer. This notification takes the form of a text file named '__READ_ME_.txt', dropped on the infected computer's desktop. The file explains what has happened, includes information on how to pay the ransom, and offers to decrypt three small files for free. The ransom note delivered by the Anubi NotBTCWare Ransomware attack reads:
'[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: anubi@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
hxxps://localbitcoins.com/buy_bitcoins
hxxps://paxful.com/buy-bitcoin
hxxps://bitcointalk.org/
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID: [RANDOM CHARACTERS]'
PC security researchers strongly advise computer users to ignore the text of the Anubi NotBTCWare Ransomware ransom note. The people responsible for the Anubi NotBTCWare Ransomware attack cannot be trusted to deliver the decryption key necessary to recover the affected files. Rather, PC security researchers strongly advise computer users to protect their data using an effective file backup system. In this way, the victims of the Anubi NotBTCWare Ransomware attack can recover the compromised files by copying them from the backup. Apart from file backups, PC security researchers strongly advise computer users to use a reliable security program that is fully up-to-date to intercept threats like the Anubi NotBTCWare Ransomware before they manage to take over an infected computer. Since threats like the Anubi NotBTCWare Ransomware may be delivered using spam email attachments, learning to handle such attachments appropriately is also necessary for preventing these attacks.
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | locker.exe | 418da7a795c80e45775f822098e1e85b | 1
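
The indicators listed on this page (the '.anubi' extension with its optional '[anubi@cock.li]' tag, the '__READ_ME_.txt' note and the locker.exe MD5) can be swept for during incident triage. The following is an added example, not code from EnigmaSoft or SpyHunter; the function names, the report layout and the optional dot before '[' in the file-name pattern are assumptions.

```python
import hashlib
import os
import re

# Indicators taken from this page.
NOTE_NAME = "__READ_ME_.txt"
LOCKER_MD5 = "418da7a795c80e45775f822098e1e85b"  # locker.exe
# Matches name.anubi and name[contact].anubi; the optional dot before '[' is
# an assumption, since the page only gives the appended string itself.
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+?)(?:\.?\[(?P<contact>[^\]]+)\])?\.anubi$", re.I)
VICTIM_ID_RE = re.compile(r"^Your ID:\s*(\S+)", re.M)


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Walk root read-only and collect Anubi indicators for an incident report."""
    report = {"encrypted": [], "notes": [], "binaries": [], "errors": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                match = ENCRYPTED_RE.match(name)
                if match:
                    # Keep the original name and contact tag for restore planning.
                    report["encrypted"].append((path, match["orig"], match["contact"]))
                elif name == NOTE_NAME:
                    with open(path, "r", errors="replace") as fh:
                        found = VICTIM_ID_RE.search(fh.read(65536))
                    report["notes"].append((path, found.group(1) if found else None))
                elif name.lower().endswith(".exe") and md5_of(path) == LOCKER_MD5:
                    report["binaries"].append(path)
            except OSError as exc:  # locked or unreadable files are recorded, not fatal
                report["errors"].append((path, str(exc)))
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, items in result.items():
        print(f"{key}: {len(items)}")
```

Only files named `*.exe` are hashed, so a renamed copy of the dropper is not caught by the MD5 check; the extension and ransom-note matches do not depend on it.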