Anubis Ransomware
The Anubis Ransomware is a member of the EDA2 family of crypto malware, which includes threats like LockLock, DEDCryptor and VenusLocker. The Anubis Ransomware was discovered in October 2016, and the threat may be delivered to PC users via spam email carrying a macro-enabled document. Documents that support macros are favored by malware developers because macro scripts can execute commands against Windows services without the user noticing. The distributors of the Anubis Ransomware only need to invest a bit of time and effort into fooling the user into enabling macros, and the payload is then installed automatically. Spam email that carries threats may be sent from email accounts that resemble official accounts of trusted services like Amazon and PayPal, and may even feature logos from AV vendors.
How the Anubis Ransomware is Activated and What It Does
The Anubis Ransomware is programmed to encrypt data on the next system boot and adds a scheduled task in Windows to secure its operations. The Anubis Ransomware is packed as a Trojan designed to run in the system's background for as long as the encryption process takes. The encryption engine of the Anubis Ransomware uses the AES and RSA ciphers to lock the victim's data. The Anubis Ransomware is capable of encrypting most file types used to store images, audio, videos, text, presentations, spreadsheets, e-books and databases. Security analysts note that the Anubis Ransomware uses the '.coded' file extension to mark affected files. For example, 'candle_festival.jpeg' will be renamed to 'candle_festival.jpeg.coded' and will be shown in Windows Explorer with an icon that looks like a blank sheet of paper.
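As an added defender-side example (not code from the original write-up), the following Python triage script walks a directory tree and reports the traces described above: files renamed with the '.coded' extension, the 'Decryption Instructions.txt' note, and any executable whose MD5 matches the hash listed in the file system details on this page. It constructs its own sample user-profile folder, so it runs offline; the folder layout and file contents are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up: the extension appended to encrypted
# files, the ransom note name, and the MD5 from the file system details table.
CODED_SUFFIX = ".coded"
RANSOM_NOTE = "Decryption Instructions.txt"
KNOWN_MD5 = {"104d38009f6b36bab64b625735907c88"}


def md5_of(path):
    """MD5 of a file, read in chunks so large files are not loaded at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root):
    """Walk `root` and summarise Anubis-style indicators found under it."""
    report = {"encrypted": [], "original_ext": Counter(),
              "notes": [], "known_samples": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.endswith(CODED_SUFFIX):
                # 'candle_festival.jpeg.coded' -> original name 'candle_festival.jpeg'
                original = name[: -len(CODED_SUFFIX)]
                report["encrypted"].append(path)
                report["original_ext"][os.path.splitext(original)[1].lower()] += 1
            elif name == RANSOM_NOTE:
                report["notes"].append(path)
            elif name.lower().endswith(".exe") and md5_of(path) in KNOWN_MD5:
                report["known_samples"].append(path)
    return report


def build_sample_tree():
    """Constructed sample: a fake user profile with the traces an infection leaves."""
    root = tempfile.mkdtemp(prefix="anubis_triage_")
    desk, pics = os.path.join(root, "Desktop"), os.path.join(root, "Pictures")
    os.makedirs(desk)
    os.makedirs(pics)
    for name in ("candle_festival.jpeg.coded", "notes.txt.coded", "logo.png"):
        with open(os.path.join(pics, name), "wb") as f:
            f.write(os.urandom(32))  # placeholder bytes standing in for ciphertext
    with open(os.path.join(desk, RANSOM_NOTE), "w") as f:
        f.write("IMPORTANT INFORMATION!\n")
    return root


if __name__ == "__main__":
    r = triage(build_sample_tree())
    print(len(r["encrypted"]), "encrypted files; notes found:", r["notes"])
```

The `original_ext` counter shows which data types were hit, which helps scope restoration from backups; `known_samples` only matches the single hash published here, so an empty result does not prove a machine is clean.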
The Aftereffects of an Infection with the Anubis Ransomware
The threat is named after the Egyptian god of the afterlife, Anubis, who is depicted on the ransom message. The Anubis Ransomware changes the desktop background image to a custom wallpaper. The image serves as a notification to users that their data has been locked by the Anubis Ransomware. The announcement states:
'HELLO
Time is the most valuable thing you can have.
At the moment all files on the computer encrypted.
Do you want to understand how to get your data and save time,
whrite to this address: support.code@aol.com
If you do not receive responses within 48 hours,
write to: support.code@india.com
Do not forget to read "Decryption Instructions" on your desktop.'
'Decryption Instructions.txt' should be found on the desktop and stores information such as the victim's ID and the email address for contacting the support staff for the Anubis Ransomware. Users will need a decryptor and the private decryption key to unlock their data. The con artists behind it offer the necessary tool and key to users who are willing to make a payment to their wallet address via Bitcoin. The 'Decryption Instructions.txt' reads as follows:
'IMPORTANT INFORMATION!
--------------------------
Your Computer ID: [random characters] <---- Remember it and send to my email.
--------------------------
All your files are encrypted strongly.!
- How to open my file?
- You need Original KEY and Decrypt Program
- Where can i get?
- Email to me: support.code@aol.com or support.code@india.com
(Open file Decryption Instructions on your Desktop and send your SID)'
The Support Staff Behind the Anubis Ransomware Should Not Be Trusted
Security experts warn that threat authors should not be trusted. PC users should not hope to receive a decryptor and a key from 'support.code@aol.com'. The history of ransomware teaches us that the people behind such programs do not bother to create a decryptor. The servers for the Anubis Ransomware change constantly because AV vendors strive to block access to them as soon as the suspicious activity is detected. Therefore, you should skip paying the ransom and seek other means to restore your data. Preferably, you have backup images stored on a removable drive that is unaffected by the Anubis Ransomware. You could also use backups from the cloud (Google Drive, Dropbox, OneDrive, etc.). The measures that counter threats like the Anubis Ransomware involve users making backup images regularly, keeping their OSes up-to-date and using a reliable anti-malware shield.
SpyHunter Detects & Removes Anubis Ransomware
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | file.exe | 104d38009f6b36bab64b625735907c88 | 0
Detections: the number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.