
Anubis Ransomware

By GoldSparrow in Ransomware

The Anubis Ransomware is a member of the EDA2 family of crypto malware, which includes threats like LockLock, DEDCryptor and VenusLocker. The Anubis Ransomware was discovered in October 2016, and the threat may be delivered to PC users via spam email carrying a macro-enabled document. Macro-enabled documents are favored by malware developers because a macro script can run commands on the system without the user noticing. The distributors of the Anubis Ransomware only need to invest a bit of time and effort into fooling the user into enabling macros, and the payload is installed automatically. Spam email that carries the threat may be sent from accounts that mimic the official accounts of trusted services like Amazon and PayPal, and may feature logos from AV vendors to look legitimate.

How the Anubis Ransomware is Activated and What It Does

The Anubis Ransomware is programmed to encrypt data on the next system boot and adds a scheduled task in Windows so that its routine is launched again after a restart. The Anubis Ransomware is packed as a Trojan that runs in the system's background for as long as the encryption process takes. The encryption engine of the Anubis Ransomware uses the AES and RSA ciphers to lock the victim's data. The Anubis Ransomware is capable of encrypting most file formats used to store images, audio, videos, text, presentations, spreadsheets, e-books and databases. Security analysts note that the Anubis Ransomware appends the '.coded' file extension to mark affected files. For example, 'candle_festival.jpeg' is renamed to 'candle_festival.jpeg.coded' and is shown in Windows Explorer with an icon that looks like a blank sheet of paper, because no application is associated with the new extension.
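To make concrete why victims cannot recover their files without the operators' private key, the following is an added example of the hybrid AES-plus-RSA pattern that crypto ransomware of this kind relies on; it is illustration code written for this page, not Anubis's code and not taken from any analysis of it. Each file gets a fresh AES key, and that key is wrapped with an RSA public key whose private half stays with the operators. The key sizes, the choice of AES-GCM and RSA-OAEP, the EncryptedFile layout and the sample file contents are assumptions made for the example; it works on byte slices in memory and never touches the file system.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// CodedExt is the marker extension the article reports Anubis appending.
const CodedExt = ".coded"

// EncryptedFile is an assumed layout (illustration only): per-file AES key wrapped with the operators' RSA key.
type EncryptedFile struct {
	Name       string // original name with ".coded" appended
	WrappedKey []byte // RSA-OAEP(pub, aesKey)
	Nonce      []byte
	Ciphertext []byte
}

// NewOperatorKey stands in for the operators' key pair; the private half is the "Original KEY" of the note.
func NewOperatorKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// LockedName appends the marker: "candle_festival.jpeg" -> "candle_festival.jpeg.coded".
func LockedName(name string) string { return name + CodedExt }

// OriginalName strips the marker; ok is false when the name is not marked.
func OriginalName(name string) (string, bool) {
	if !strings.HasSuffix(name, CodedExt) {
		return name, false
	}
	return strings.TrimSuffix(name, CodedExt), true
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt locks one file with the public key only, so the malware needs no server contact to do damage.
func Encrypt(pub *rsa.PublicKey, name string, plaintext []byte) (*EncryptedFile, error) {
	key := make([]byte, 32) // fresh AES-256 key for this file
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The original name is bound as associated data, so a renamed file will not open.
	ct := gcm.Seal(nil, nonce, plaintext, []byte(name))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{Name: LockedName(name), WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is the "Decrypt Program": only the matching private key unwraps the per-file key; any other key fails OAEP.
func Decrypt(priv *rsa.PrivateKey, f *EncryptedFile) (string, []byte, error) {
	orig, ok := OriginalName(f.Name)
	if !ok {
		return "", nil, fmt.Errorf("%s is not a .coded file", f.Name)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, f.WrappedKey, nil)
	if err != nil {
		return "", nil, fmt.Errorf("unwrap per-file key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", nil, err
	}
	pt, err := gcm.Open(nil, f.Nonce, f.Ciphertext, []byte(orig))
	if err != nil {
		return "", nil, fmt.Errorf("open ciphertext: %w", err)
	}
	return orig, pt, nil
}

func main() {
	operator, _ := NewOperatorKey()
	stranger, _ := NewOperatorKey() // any key pair other than the operators' one
	f, _ := Encrypt(&operator.PublicKey, "candle_festival.jpeg", []byte("JFIF sample bytes")) // constructed sample
	_, _, err := Decrypt(stranger, f)
	fmt.Println(f.Name, "with the wrong private key:", err)
	name, pt, err := Decrypt(operator, f)
	fmt.Printf("with the operators' key: %s -> %q (err=%v)\n", name, pt, err)
}
```

The point to take from the run is that everything the victim's machine ever held is the public key and the wrapped per-file keys; brute-forcing the AES key or the RSA private key is not a realistic recovery path, which is why backups rather than "cracking" are the answer later on this page.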

The Aftereffects of an Infection with the Anubis Ransomware

The threat is named after the Egyptian god of the afterlife, Anubis, who is depicted in the ransom message. The Anubis Ransomware changes the desktop background image to a custom wallpaper. The image notifies users that their data has been locked by the Anubis Ransomware. The announcement states:

'HELLO
Time is the most valuable thing you can have.
At the moment all files on the computer encrypted.
Do you want to understand how to get your data and save time,
whrite to this address: support.code@aol.com
If you do not receive responses within 48 hours,
write to: support.code@india.com
Do not forget to read "Decryption Instructions" on your desktop.'

'Decryption Instructions.txt' should be found on the desktop and stores information such as the victim's ID and the email addresses for contacting the Anubis Ransomware's 'support staff'. Users need a decryptor and the private decryption key to unlock their data. The con artists behind the threat offer the tool and the key to users who make a payment in Bitcoin to their wallet address. The 'Decryption Instructions.txt' reads as follows:

'IMPORTANT INFORMATION!
--------------------------
Your Computer ID: [random characters] <---- Remember it and send to my email.
--------------------------
All your files are encrypted strongly.!
- How to open my file?
- You need Original KEY and Decrypt Program
- Where can i get?
- Email to me: support.code@aol.com or support.code@india.com
(Open file Decryption Instructions on your Desktop and send your SID)'
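Before deciding how to restore, an analyst wants an inventory of what was touched. The following added example (written for this page, not from the original article or any vendor tool) walks a directory tree for the two artifacts described above, files carrying the '.coded' marker and the 'Decryption Instructions.txt' note, counts locked files per directory so the most valuable folders can be restored first, and maps each locked name back to the original. It builds and then removes its own sample tree so it runs offline; the directory and file names in that tree are constructed for the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

const (
	codedExt = ".coded"                      // extension the article reports Anubis appending
	noteName = "Decryption Instructions.txt" // ransom note the article says is left on the desktop
)

// Report is the inventory produced by Scan; all paths are relative to the scanned root.
type Report struct {
	Locked []string       // files carrying the ".coded" marker
	Notes  []string       // ransom notes found
	ByDir  map[string]int // locked files per directory, for prioritising restores
}

// Original returns the name a locked file had before the marker was appended.
func Original(rel string) string { return strings.TrimSuffix(rel, codedExt) }

// Scan collects the two artifacts under root; unreadable entries below root are skipped, a bad root is reported.
func Scan(root string) (*Report, error) {
	r := &Report{ByDir: map[string]int{}}
	walk := func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			if p == root {
				return err // root missing or unreadable: that must surface
			}
			return nil
		}
		if d.IsDir() {
			return nil
		}
		rel, _ := filepath.Rel(root, p) // cannot fail: WalkDir only yields paths below root
		switch {
		case d.Name() == noteName:
			r.Notes = append(r.Notes, rel)
		case strings.HasSuffix(d.Name(), codedExt):
			r.Locked = append(r.Locked, rel)
			r.ByDir[filepath.Dir(rel)]++
		}
		return nil
	}
	if err := filepath.WalkDir(root, walk); err != nil {
		return nil, err
	}
	sort.Strings(r.Locked)
	sort.Strings(r.Notes)
	return r, nil
}

// BuildSample creates a throwaway tree mimicking an affected profile; every name and body is constructed.
func BuildSample() (string, error) {
	root, err := os.MkdirTemp("", "anubis-scan-")
	if err != nil {
		return "", err
	}
	files := map[string]string{
		"Pictures/candle_festival.jpeg.coded": "ciphertext",
		"Documents/report.docx.coded":         "ciphertext",
		"Documents/budget.xlsx.coded":         "ciphertext",
		"Desktop/" + noteName:                 "IMPORTANT INFORMATION!",
		"Desktop/todo.txt":                    "untouched plaintext",
	}
	for rel, body := range files {
		p := filepath.Join(root, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
			return "", err
		}
		if err := os.WriteFile(p, []byte(body), 0o600); err != nil {
			return "", err
		}
	}
	return root, nil
}

// RunDemo builds the sample tree, scans it and removes it again.
func RunDemo() (*Report, error) {
	root, err := BuildSample()
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(root)
	return Scan(root)
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("locked:", r.Locked, "notes:", r.Notes, "per directory:", r.ByDir)
}
```

Against a real machine, call Scan with the user's profile root (or each fixed and removable drive) instead of RunDemo; the per-directory counts tell you where a restore should start, and the note paths show where the threat was able to write.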

The Support Staff Behind the Anubis Ransomware Should Not Be Trusted

Security experts warn that the threat's authors should not be trusted. PC users should not expect to receive a decryptor and a key from 'support.code@aol.com'. The history of ransomware shows that the people behind such programs often do not bother to deliver a working decryptor, even after payment. The servers for the Anubis Ransomware change constantly because AV vendors strive to block access to them as soon as suspicious activity is detected. Therefore, you should skip paying the ransom and seek other means to restore your data. Ideally, you have backup images stored on a removable drive that was not connected while the Anubis Ransomware ran, since a drive attached at the time may be encrypted along with the local disks. You could also use backups from the cloud (Google Drive, Dropbox, OneDrive, etc.), keeping in mind that a sync client will upload the '.coded' copies as well, so you may need the service's file version history to get the originals back. The measures that counter threats like the Anubis Ransomware are making backup images regularly, keeping the OS up to date and using a reliable anti-malware shield.


File System Details

Anubis Ransomware may create the following file(s):
#   File Name   MD5                                 Detections
1.  file.exe    104d38009f6b36bab64b625735907c88    0
