Anonpop Ransomware
Posted: June 28, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 75 |
| First Seen: | June 28, 2016 |
| OS(es) Affected: | Windows |
The Anonpop Ransomware is a Trojan that fakes file encryption to pressure victims into paying ransoms. The actual effects of its payload are deleted data, rather than encrypted data, along with persistent system reboots and ransom-related pop-ups. Good backup protocols and anti-malware tools can help you preserve data from this Trojan's attacks, as well as remove the Anonpop Ransomware from already infected computers.
When a Trojan Isn't What It Claims to Be
With the massive potential profits and sheer output of the file-encrypting threat industry, it should surprise no one that other con artists are capitalizing on the same trends. In some of the most blatant cases of relying on threats rather than real force, new Trojans are emerging that can delete files but not encrypt them, yet still load the same traditional ransom messages asking for payment to decrypt your data. So far, these threats include the TowerWeb Ransomware and the Anonpop Ransomware, the subject of this article.
The names associated with the Anonpop Ransomware's Trojan droppers imply delivery through e-mail-based attack vectors, using common disguises such as invoices and other business-related documentation. Once running, the Anonpop Ransomware deletes the contents of multiple folders, including all Web browser directories, most directories that hold Windows user data, and the Windows Defender program. Except for the last, which seems to be an attempt to hinder security solutions, the Anonpop Ransomware's targets are the content of the logged-in user (such as Favorites). Malware experts also noted that the contents of drives D through I are wiped indiscriminately.
Once done, the Anonpop Ransomware hijacks the PC user's desktop with a ransom image themed after the Anonymous hacktivist organization. The Anonpop Ransomware asks for payment within a short period and falsely informs the user that it has moved all the previously noted content to a hidden partition. In reality, the Anonpop Ransomware has neither moved nor encrypted your data, merely deleted it.
Popping the Top Off a Lying Trojan Campaign
Even when real file encryptors are the actual threats, malware analysts often find paying ransoms for decryption services to be a high-risk venture with uncertain outcomes. The Anonpop Ransomware shows just how far these risks can go: since there is neither a decryption key nor any encrypted content linked to its attacks, victims have no possibility of gaining anything by paying its ransom. Even real file encryption Trojans are best managed by overwriting the encrypted content from responsible backups, or by using the decryptors offered by the security industry.
In a somewhat amateurish omission, current versions of the Anonpop Ransomware don't take steps to remove the default backup data that Windows saves via Shadow Copy. As a result, advanced recovery tools should be capable of retrieving all 'deleted' data, provided that the victim acts promptly before any new content overwrites the old information. As noted above, victims have no need to seek out a decryption tool, although such products are free and viable solutions for many of the most prominent, legitimate file encryption Trojans.
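Whether usable shadow copies survived can be checked directly on an affected machine. The PowerShell below is an added example, not part of the original article or of any vendor tool; the incident time and the mount folder are assumed values, and it only finds snapshots on volumes where a snapshot source such as System Protection was enabled.

```powershell
# Added example: run from an elevated PowerShell session.
# $IncidentTime and $MountRoot are assumptions; set them for your own case.
$IncidentTime = Get-Date '2016-06-28 09:00'   # constructed: when the Trojan ran
$MountRoot    = 'C:\vss_restore'              # hypothetical folder for the links

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output.
$letters = @{}
Get-CimInstance Win32_Volume | Where-Object DriveLetter |
    ForEach-Object { $letters[$_.DeviceID] = $_.DriveLetter }

# Snapshots taken before the incident still hold the pre-deletion file state.
$usable = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.InstallDate -lt $IncidentTime } |
    Sort-Object InstallDate -Descending

if (-not $usable) {
    Write-Warning 'No shadow copy predates the incident; fall back to offline backups.'
    return
}

$usable | Select-Object ID, InstallDate,
    @{ n = 'Drive'; e = { $letters[$_.VolumeName] } }, DeviceObject |
    Format-Table -AutoSize

# Expose the newest pre-incident snapshot of each volume as a directory link.
New-Item -ItemType Directory -Path $MountRoot -Force | Out-Null
$usable | Group-Object VolumeName | ForEach-Object {
    $snap  = $_.Group[0]                      # newest first, because of the sort
    $drive = $letters[$snap.VolumeName]
    $name  = if ($drive) { $drive.TrimEnd(':') } else { $snap.ID.Trim('{}') }
    $link  = Join-Path $MountRoot $name
    # The trailing backslash on the device path is required for the link to resolve.
    cmd /c mklink /d "$link" "$($snap.DeviceObject)\" | Out-Null
    Write-Output "Snapshot from $($snap.InstallDate) available at $link"
}
```

Copy recovered files from the linked folders to separate media, and remove the links with `rmdir` once finished.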
You can use default Windows commands to disable other features of the Anonpop Ransomware, which may trigger automatic system restarts until it is stopped. As soon as you regain unimpeded access to your PC, use your anti-malware software to remove the Anonpop Ransomware before resolving any other symptoms.
Responding quickly to threat attacks is always a virtue, but speed should be tempered with caution. Paying a ransom without considering the consequences can leave you poorer with nothing gained.