AnonFive Ransomware

What is AnonFive Ransomware?

A new trend to create ransomware on the basis of open-source projects has emerged. AnonFive Ransomware is one of the newest examples containing a code of Hidden-Tear, which calls itself educational ransomware. Although Hidden-Tear, originally, has no intention of causing problems to users, AnonFive Ransomware is completely the opposite. It immediately encrypts users’ personal data (e.g. documents, images, music, and video files) using the AES (Advanced Encryption Standard) encryption algorithm after infiltrating the computer successfully, thus making it impossible for users to access the files they need. Just like other ransomware infections do, e.g. LLTP Ransomware, Lick Ransomware, and BlackJockerCrypter Ransomware, it has been developed by cyber criminals who have only one intention – to extract money from users. Needless to say, the worst decision users can make is to send the required money to cyber criminals. AnonFive Ransomware is, without a doubt, worthy of removal, so go to take care of it instead of transferring your money to bad people. If you read the following articles of this paragraph too, you will find out what you need to do to erase this malicious application.

What does AnonFive Ransomware do?

At the time of writing, the C&C server (Command and Control) of AnonFive Ransomware is down, so, although there is a possibility that it will revive, researchers believe that it should not become prevalent worldwide. Even if it is true, it is still good to know how this malicious application works. First of all, it needs to be told that this infection shares similarities with previously released ransomware infections. Most probably, it is because it has the same purpose. Just like these older threats, AnonFive Ransomware starts encrypting files right after the entrance. It does that by appending a new filename extension .anonfive to those files users would, most likely, pay money for. Then, a ransom note READ_IT.txt is placed on Desktop. It does not tell users anything new – they are informed that the only way to get files back is to pay 0.5 BTC (~$515) to the Bitcoin address 1BYT6TBwwJzr2vXXkhz918VvkB7yb3MgAD. A personal email address needs to be provided in the payment description field too. Although users are told that a decryption password will be sent to them after making a payment to cyber criminals, this is unlikely to happen, so better keep your money to yourself. Keep in mind that this does not mean that you can keep an active ransomware infection on your computer.

AnonFive Ransomware not only encrypts users’ files and drops a ransom note after locking the personal data. Researchers working at anti-spyware-101.com have also noticed that it tries to establish a connection with www.example.com/anonfive/write.php?info=, meaning that it uses the Internet connection and can even slow it down. It is possible to put an end to activities this ransomware infection performs only by deleting it fully from the computer.

Where does AnonFive Ransomware come from?

Since AnonFive Ransomware does not spread actively, it is hard to say which methods it uses to enter computers unnoticed. Of course, specialists still have a theory. They believe that this ransomware-type infection enters computers exactly like similar threats do. This is, it is opened on a user’s computer and starts performing the encryption of files when a user opens an attachment found in a spam email. It does not mean that it could not have entered your system in a different way, of course. Users can also get malware from the web – it is usually promoted as decent software. Last but not least, infections working on your computer behind your back could have helped AnonFive Ransomware to enter the system. As you have probably understood, a computer must be kept clean all the time, so do not let ransomware stay too.

How to delete AnonFive Ransomware

AnonFive Ransomware is not that kind of infection which applies changes on systems so that it could not be easily deleted. There is only one malicious file associated with this threat on your computer – delete it to disable this ransomware infection. If you cannot find it in %USERPROFILE%\Downloads or %USERPROFILE%\Desktop, perform a system scan with a reputable antimalware scanner. It will find where the malicious file is located and then will delete it for you. Other malicious applications/files will be all automatically deleted from the system too, thus leaving your computer perfectly clean.

AnonFive Ransomware manual removal guide

  1. Go to open the Windows Explorer (you need to tap Win and E keys on your keyboard simultaneously).
  2. Check two directories one after the other with the intention of finding the malicious file: %USERPROFILE%\Downloads and %USERPROFILE%\Desktop.
  3. Delete the malicious file you have found.
  4. Empty the Trash bin.
100% FREE spyware scan and
tested removal of AnonFive Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *