Seemingly scarier than the movie itself, a new ransomware named Annabelle has surfaced, and it does what ransomware does best: hijack people’s computers and demand a huge ransom in exchange for their data. If you ask us, this situation is no less than demonic possession, as ransomware will put users through hell to retrieve their own data.
In this post, we explain what this ransomware is and how it can infect your computer.
What Is Annabelle ransomware?
Annabelle ransomware is a dangerous piece of file-encrypting malware. Like other ransomware, it was created to make fast money by encrypting the data on a user's computer. It breaches the security of your computer and displays a lock screen message featuring “Annabelle”, the horror doll film character.
This ransomware disables Windows Defender, any installed antivirus and the firewall. It also makes changes to system processes, the registry, programs, etc. It amends the Image File Execution Options registry key and makes your system unresponsive.
Later, it encrypts all your computer data: files, videos, music files, etc.
How can Annabelle ransomware infect your computer?
The main infection method used by the cyber-criminals is massive malicious spam email campaigns. These spam emails carry an attachment that contains infected software.
However, there are also other ways it can infect your Windows computer.
- Malicious spam email attachments
- Visiting malicious websites
- Untrusted online video websites
- Untrusted software downloads
- Infected USB drives or attached hard disks
- Malware-loaded ads
Why has Annabelle ransomware become a horror show for users?
The Annabelle doll from the movie has certainly become an object of cult fascination in recent times, due to its horrific visage and frightening backstory. In the same vein, this ransomware, which enters PCs through devious means, is a nightmare for users.
It can disable Windows Defender, turn off the firewall, encrypt files and disable security programs such as Process Explorer, msconfig, etc.
It then starts automatically whenever a user logs in to Windows and terminates all programs. After that, it modifies entries under the Image File Execution Options registry key so that users can’t open programs. It then tries to spread through autorun.inf files; however, this technique doesn’t work on newer Windows versions.
But if it is effective, it starts encrypting all the data files on your computer, then reboots the infected computer and, on login, displays a lock screen with a message.
The lock screen includes a Credits button; when the user clicks it, it shows that a developer named iCoreX0812 made the program, along with a way to contact them.
Below, you can see the Ransom Note:
What Happened to my files?
All your files are encrypted and secured with a strong key. There is no way to get them back without your personal key.
How can I get my personal key?
Well, you need to pay for it. You need to visit one of the special sites below & then you need to enter your personal ID (you find it on the top) & buy it. Actually, it costs exactly 0.1 Bitcoins.
How can I get access to the site?
You easily need to download the Torbrowser, you can get it from this site: www.torproject.org
What is going to happen if I’m not going to pay?
If you are not going to pay, then the countdown will easily ran out and then your system will be rboken. If you are going to restart, then the countdown will ran out a much faster. So, it’s not a good idea to do it.
I got the key, what should I do now?
Now you need to enter your personal key in the textbox below. Then you will get access to the decryption program.
– The darknet sites are not existing, it’s just an example text. The other things are right, except the darknet thing. It’s possible to get the key, but if I going to do a new trojan, or new version of this then I will add real ways to get the key 🙂 If you wanna that I going to do a 2.0 or a new trojan, then write it below in the comments. Thanks
If you wanna chat with me, contact me easily in discord: iCoreX#1337