Home Malware Programs Ransomware AnimusLocker Ransomware

AnimusLocker Ransomware

Posted: July 2, 2018


The AnimusLocker Ransomware is an update of the Aurora Ransomware, a file-locking Trojan that can block your media and create text messages asking for money to unblock them. Because the AnimusLocker Ransomware's attacks can damage your media permanently, the recommended solutions against this threat always include storing backups of your files somewhere safe, such as a cloud server. Use a dedicated anti-malware application for uninstalling the AnimusLocker Ransomware, which places its components in non-obvious directories.

A New Day's Light on an Old Trojan

The Aurora Ransomware appears set to become another family of file-locking Trojans with numerous but minor variants under the administration of different teams of threat actors. Soon after its update of the Oktropys@protonmail.com Ransomware, malware experts also are finding samples of the AnimusLocker Ransomware, which uses all of the same code for locking files and delivering ransom notes after the fact. Unlike the other update, the AnimusLocker Ransomware is keeping the multiple, redundant ransoming messages that are the Aurora Ransomware's hallmark.

The AnimusLocker Ransomware's development and distribution coincides, chronologically, with that of the Oktropys@protonmail.com Ransomware, which makes it very probable that two, different criminals are handling each campaign. The AnimusLocker Ransomware, after opening, modifies the Windows Registry with an auto-running entry and executes a routine for encrypting different files on the PC via AES. Locations that it may attack can include the desktop or the user's profile sub-directories, and formats at risk are documents, pictures, and other, prominent media types.

Unlike the other update of the Aurora Ransomware, the AnimusLocker Ransomware continues creating a series of numbered duplicates of its TXT ransom notes. The AnimusLocker Ransomware demands a one hundred USD fee via a cryptocurrency, such as Bitcoin, and keeps the original program's fake 'RSA-2048 encryption' assertion intact. Although any victims may wish to preserve the 'key' file in their App Data directories for decryption research, malware analysts encourage against taking the gamble of paying the ransom.

The Proper Level of Animus Towards Trojans After Your Files

The AnimusLocker Ransomware attacks, like those of other Aurora Ransomware variants, lack a public decryption solution for unlocking the user's files easily. The inserted '.animus' extensions make identifying any locked media simple, but malware analysts advise keeping secure backups instead of assuming that decrypting the Trojan's payload will be possible necessarily. Most Windows machines are compatible with the AnimusLocker Ransomware, which drops its components in a variety of locations, including the messages residing in every folder with captured files.

Since the AnimusLocker Ransomware's campaign is extremely new, malware analysts only can provide estimates of how it may infect any Windows PC. Spam e-mails are extremely popular with most threat actors using file-locking Trojans and may hide the installer as any non-threatening document. Business sector systems also are at risk from RDP and brute-force-based attacks. Unless this Trojan's installation is manual, any good anti-malware program should delete the AnimusLocker Ransomware immediately, regardless of its arrival method.

The need to keep your files safe is just as recurrent as new updates to aging Trojans, even ones that are no older than one or two months. Without a backup, easily-produced threats like the AnimusLocker Ransomware could be getting the last laugh on both your PCs and your cryptocurrency wallets.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to AnimusLocker Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.