
AnimusLocker Ransomware

Posted: July 2, 2018


The AnimusLocker Ransomware is an update of the Aurora Ransomware, a file-locking Trojan that can block your media and create text messages asking for money to unblock them. Because the AnimusLocker Ransomware's attacks can damage your media permanently, the recommended solutions against this threat always include storing backups of your files somewhere safe, such as a cloud server. Use a dedicated anti-malware application for uninstalling the AnimusLocker Ransomware, which places its components in non-obvious directories.

A New Day's Light on an Old Trojan

The Aurora Ransomware appears set to become another family of file-locking Trojans with numerous but minor variants under the administration of different teams of threat actors. Soon after the Oktropys@protonmail.com Ransomware update, malware experts are also finding samples of the AnimusLocker Ransomware, which uses all of the same code for locking files and delivering ransom notes after the fact. Unlike the other update, the AnimusLocker Ransomware keeps the multiple, redundant ransoming messages that are the Aurora Ransomware's hallmark.

The AnimusLocker Ransomware's development and distribution coincide chronologically with those of the Oktropys@protonmail.com Ransomware, which makes it very probable that two different criminals are handling each campaign. After opening, the AnimusLocker Ransomware modifies the Windows Registry with an auto-running entry and executes a routine for encrypting different files on the PC via AES. Locations that it may attack include the desktop or the user's profile sub-directories, and the formats at risk are documents, pictures, and other prominent media types.

Unlike the other update of the Aurora Ransomware, the AnimusLocker Ransomware continues creating a series of numbered duplicates of its TXT ransom notes. The AnimusLocker Ransomware demands a one hundred USD fee via a cryptocurrency, such as Bitcoin, and keeps the original program's fake 'RSA-2048 encryption' assertion intact. Although victims may wish to preserve the 'key' file in their App Data directories for decryption research, malware analysts advise against taking the gamble of paying the ransom.

The Proper Level of Animus Towards Trojans After Your Files

The AnimusLocker Ransomware's attacks, like those of other Aurora Ransomware variants, lack a public decryption solution for unlocking the user's files easily. The inserted '.animus' extensions make identifying any locked media simple, but malware analysts advise keeping secure backups instead of assuming that decrypting the Trojan's payload will necessarily be possible. Most Windows machines are compatible with the AnimusLocker Ransomware, which drops its components in a variety of locations, including the messages residing in every folder with captured files.
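For scoping damage before restoring from backup, the two on-disk traces described above (the '.animus' extension and the repeated TXT notes left in folders with locked files) can be inventoried with a short script. This is an added example, not code from the original article or any vendor tool; the note file names in the sample tree are constructed, and treating byte-identical, numbered .txt files as ransom-note copies is an assumed heuristic.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

LOCKED_EXT = ".animus"  # extension named in the article


def triage(root):
    """Map each folder holding locked files to its locked files and
    any sets of byte-identical, numbered .txt files beside them."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        if not locked:
            continue  # no locked media here, nothing to record
        by_hash = defaultdict(list)
        for name in files:
            if name.lower().endswith(".txt"):
                with open(os.path.join(folder, name), "rb") as fh:
                    by_hash[hashlib.sha256(fh.read()).hexdigest()].append(name)
        # Assumed heuristic: identical content under numbered names
        note_sets = sorted(
            sorted(names) for names in by_hash.values()
            if len(names) > 1 and any(re.search(r"\d", n) for n in names)
        )
        report[folder] = {"locked": locked, "note_sets": note_sets}
    return report


def build_sample(root):
    """Create a constructed sample tree; all file names are hypothetical."""
    desktop = os.path.join(root, "Desktop")
    clean = os.path.join(root, "Clean")
    os.makedirs(desktop)
    os.makedirs(clean)
    contents = {"report.docx.animus": b"\x00", "photo.jpg.animus": b"\x01",
                "NOTE-1.txt": b"pay", "NOTE-2.txt": b"pay",
                "NOTE-3.txt": b"pay", "todo.txt": b"buy milk"}
    for name, data in contents.items():
        with open(os.path.join(desktop, name), "wb") as fh:
            fh.write(data)
    with open(os.path.join(clean, "notes.txt"), "wb") as fh:
        fh.write(b"untouched")
    return desktop


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in triage(tmp).items():
            print(folder, len(info["locked"]), "locked;", info["note_sets"])
```

The resulting folder list shows which backups need restoring and which note copies to clean up once the Trojan itself has been removed.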

Since the AnimusLocker Ransomware's campaign is extremely new, malware analysts can only provide estimates of how it may infect any Windows PC. Spam e-mails are extremely popular with most threat actors using file-locking Trojans and may hide the installer as any non-threatening document. Business sector systems are also at risk from RDP and brute-force-based attacks. Unless this Trojan's installation is manual, any good anti-malware program should delete the AnimusLocker Ransomware immediately, regardless of its arrival method.

The need to keep your files safe is just as recurrent as new updates to aging Trojans, even ones that are no older than one or two months. Without a backup, easily produced threats like the AnimusLocker Ransomware could be getting the last laugh on both your PCs and your cryptocurrency wallets.
