
Annabelle Ransomware

Posted: February 22, 2018

The Annabelle Ransomware is a variant of FTSCoder, a Trojan that locks your files with encryption, displays threatening messages and causes other system errors. This update to the family also blocks the user's access to Windows programs and features, and it interferes with the startup routine in particular. Since this Trojan can permanently damage either the operating system or any stored media, users should have their anti-malware tools delete the Annabelle Ransomware as a high-level threat whenever its presence is a possibility.

A Real Doll of an Extortion Scheme

File-locking Trojans are known, mostly, for depriving the user of access to content like photos or documents by encrypting the files, using a process that, technically, is not much different from the encrypted archiving features of apps like WinZipper. However, the FTSCoder or Stupid Ransomware family offers a supporting array of hostile functions that endanger the entire operating system, as well as any private, saved media. The newest member, the Annabelle Ransomware, bears a strong resemblance to the Jigsaw Ransomware but is possibly even more disruptive than that older threat.

Like most threats of its kind, the Annabelle Ransomware uses encryption to lock files of many formats, such as RTF documents or JPG pictures, and appends an extension ('.ANNABELLE') to their names. Some of the more unusual aspects of the Annabelle Ransomware's payload that malware researchers are pointing out include:

  • The Annabelle Ransomware modifies the Winlogon 'Userinit' Registry value and reboots Windows, so that the OS launches the ransom note directly at logon instead of the normal logon sequence.
  • The ransom message is an HTA pop-up window very similar to the Jigsaw Ransomware's warning. It includes instructions for reaching the TOR website and paying a 0.1 Bitcoin ransom for decrypting your files, along with supporting features such as a countdown timer.
  • Once the timer hits zero, the Annabelle Ransomware sabotages the Master Boot Record (MBR), so the PC boots straight to a second error screen without ever loading the operating system.
  • Even before the time limit expires, the Annabelle Ransomware blocks other applications, including Notepad, various Web browsers and the Registry Editor, by abusing the Image File Execution Options (IFEO) feature of the Windows Registry (a legitimate debugging mechanism, not a software vulnerability).
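As an added illustration, not part of the original write-up or of the Trojan's own code, the following PowerShell audits the two Registry locations described above on a system you suspect. It assumes the stock Userinit value of a Windows installation on the C: drive and simply flags any deviation for the analyst to interpret; the `-SoftwareRoot` parameter is a hypothetical convenience so the same check can be pointed at a SOFTWARE hive loaded from a recovery USB, since the article notes the threat also runs in Safe Mode.

```powershell
# Added example (not from the original article): read-only audit of the
# Winlogon 'Userinit' value and of IFEO 'Debugger' entries. Run from an
# elevated PowerShell prompt; nothing here changes the registry.
param(
    # Assumption: default is the live hive. From a recovery environment you
    # can instead run  reg load HKLM\Offline X:\Windows\System32\config\SOFTWARE
    # and pass -SoftwareRoot 'HKLM:\Offline' to audit the infected disk.
    [string]$SoftwareRoot = 'HKLM:\SOFTWARE'
)

$winlogon = Join-Path $SoftwareRoot 'Microsoft\Windows NT\CurrentVersion\Winlogon'
$ifeo     = Join-Path $SoftwareRoot 'Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# 1. Userinit: on a clean system this is exactly the stock userinit.exe
#    (the trailing comma is normal). Anything else runs at every logon,
#    which is how a ransom note can replace the desktop.
$expected = 'C:\Windows\system32\userinit.exe,'   # assumption: Windows on C:
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit -ErrorAction Stop).Userinit
if ($userinit -ne $expected) {
    Write-Warning "Winlogon\Userinit is '$userinit' (expected '$expected')"
} else {
    Write-Host "Userinit looks stock: $userinit"
}

# 2. IFEO: a 'Debugger' value under an executable's subkey makes Windows
#    start the named program in place of that executable. Developer boxes
#    may carry legitimate entries, so review each hit rather than deleting
#    blindly; a Debugger pointing at a non-debugger binary is the red flag.
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Executable = $_.PSChildName; Debugger = $dbg }
    }
} | Format-Table -AutoSize
```

If the script itself refuses to launch on the infected machine, that is consistent with the IFEO blocking the article describes; boot from recovery media, load the offline SOFTWARE hive as shown in the comment, and run the audit against it from there.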

The Annabelle Ransomware's message window also includes some social engineering, employing intimidating imagery that references 'Annabelle,' the doll-themed horror film.

Taking the File-Based Fright out of Your PC

Although this Trojan's threat actor, 'iCoreX0812,' recommends paying the Bitcoin ransom to unlock your files and disable the Annabelle Ransomware, malware analysts often find that versions of this family can be unlocked with free decryption programs. However, promptly disabling the Annabelle Ransomware is critical for regaining access to a variety of security features and Windows programs. Since this threat also runs in Safe Mode, users should fall back on other recovery methods as appropriate, such as booting from a recovery USB drive.

Back up your files to protect them from damage that you cannot revert, such as unwanted encryption. Some in-development versions of the Annabelle Ransomware may generate .NET Framework alerts during their initial installation routines, but those alerts do not let users without additional protection against threatening software interrupt its payload. Malware experts strongly advise keeping anti-malware software running and updated to catch and remove the Annabelle Ransomware, along with the other members of the Stupid Ransomware family.

The Annabelle Ransomware is a new version of a black hat software project that has gone through psychologically manipulative themes of various types, as readers can see in the BlackSheep Ransomware, the Cyron Ransomware, the Eternity Ransomware or the Haters Ransomware. In every case, the threatening pop-up only obscures the greatest danger, which lies in the security-disabling functions of the program running 'behind the screen.'
