AnimusLocker Ransomware

What is AnimusLocker Ransomware?

AnimusLocker Ransomware is a newly discovered malicious application you might encounter if you keep your system completely unprotected, i.e. with no security software installed on it. Ransomware infections are among the nastiest malicious applications because they target the user’s most valuable asset: personal files. If this infection ever slithers onto your computer, you will find a bunch of files, including your documents, images, and music, completely encrypted. Additionally, the ransomware infection will kill Windows Explorer. The process should restart automatically, but you will need to launch it yourself if it does not. Technically, AnimusLocker Ransomware is not sophisticated malware, but it might still cause a lot of problems, so it would be best not to encounter it. As mentioned, you can prevent malicious software from entering your computer by installing a security application. If it is already too late for prevention, i.e. the ransomware infection has infiltrated your computer and locked your files, you must delete this infection as soon as possible so that it cannot encrypt your new files. Unfortunately, deleting the ransomware infection fully will not unlock your files. Most probably, you will not find a free decryptor either.

What does AnimusLocker Ransomware do?

AnimusLocker Ransomware is, without a doubt, a harmful malicious application. Once it gets onto the victim’s computer, it not only kills explorer.exe (Windows Explorer), as mentioned in the first paragraph, but also locks various files found on the system. These files are marked with the .animus extension. As you have probably already understood, the ransomware infection has been named after the extension it uses to mark encrypted files. Locked files are the first thing you will notice, but they are not the only symptom showing that AnimusLocker Ransomware has entered the system successfully. This malicious application also drops three versions of the ransom note to affected folders, i.e. directories that contain encrypted files: ANIMUS_RESTORE.txt, ANIMUS_RESTORE2.txt, and ANIMUS_RESTORE3.txt. They are dropped to the Startup folder too, so that the ransom note is opened automatically when Windows loads up. All three versions of the ransom note contain the same message. First of all, users are told that their files have been encrypted with a “random key” that is “encrypted with RSA public key (2048 bit)” and cannot be cracked in any way. Then, users are told that they can purchase the special decryptor from cyber criminals for 100 USD. The ransom note also contains an email address (j0ra@protonmail.com) users can write to. If you want to hear our thoughts, we believe that sending money to malicious software creators is the worst thing users can do because a) they encourage them to release more malware by transferring money to them and b) there are many cases when users receive nothing in exchange. If you decide not to pay the ransom, you could restore your files from your backup after the full ransomware removal. Unfortunately, it is impossible to fix encrypted files without the decryptor.

Where does AnimusLocker Ransomware come from?

Let’s now talk about the distribution of AnimusLocker Ransomware. Since this malicious application is a typical ransomware infection, specialists suspect that it is distributed like other crypto-threats. Specifically, it should be spread via spam emails, or it might slither onto computers illegally if weak RDP credentials are used. Last but not least, it might end up on your computer with the help of another malicious application that already sits on your PC. You will, of course, reduce the risk of encountering AnimusLocker Ransomware if you stop opening spam emails and their attachments; however, you will ensure 100% protection against malware only by installing reliable security software on your PC.

How do I remove AnimusLocker Ransomware?

AnimusLocker Ransomware drops several components that all need to be removed from the system to delete the ransomware infection fully. Follow our instructions to remove them all manually, but first launch the explorer.exe process killed by the ransomware infection if it has not revived automatically. Alternatively, the ransomware infection can be erased automatically.

AnimusLocker Ransomware removal guide

  1. Open Task Manager by pressing Ctrl+Shift+Esc.
  2. Click File.
  3. Select Run new task.
  4. Type explorer.exe and click OK.
  5. Remove ANIMUS_RESTORE.txt, ANIMUS_RESTORE2.txt, and ANIMUS_RESTORE3.txt from all directories on your computer.
  6. Check the following directories and remove the files listed in step 5:
  • %ALLUSERSPROFILE%\Start Menu\Programs
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  7. Delete 000000000.key dropped in %APPDATA%.
  8. Delete all suspicious files you have downloaded recently.
  9. Empty Trash.
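
Steps 5 to 7 can be checked with a script. The PowerShell below is an added example, not part of the original guide: it lists the ransom notes and the key file named above, hashes them for your records, counts .animus files, and deletes the notes and key only when run with -Remove. The parameter names and the choice to scan every filesystem drive are assumptions made for this example.

```powershell
# Added example: inventory the AnimusLocker artifacts named in the removal guide.
param(
    # Assumption: "all directories" means every filesystem drive PowerShell sees.
    [string[]]$Root = (Get-PSDrive -PSProvider FileSystem).Root,
    [switch]$Remove   # without -Remove the script only reports
)

$noteNames = 'ANIMUS_RESTORE.txt', 'ANIMUS_RESTORE2.txt', 'ANIMUS_RESTORE3.txt'

# Start Menu locations from step 6; keep only the ones that exist on this host.
$startMenuDirs = @(
    "$env:ALLUSERSPROFILE\Start Menu\Programs"
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs"
    "$env:USERPROFILE\Microsoft\Windows\Start Menu\Programs"
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs"
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs"
) | Where-Object { Test-Path -LiteralPath $_ }

# One pass over every location: ransom notes (steps 5-6) and .animus files.
$dirs = @($Root) + @($startMenuDirs)
$hits = foreach ($dir in $dirs) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $noteNames -contains $_.Name -or $_.Extension -eq '.animus' }
}
# Overlapping scan roots return the same file twice, so de-duplicate by path.
$hits      = @($hits | Sort-Object -Property FullName -Unique)
$notes     = @($hits | Where-Object { $noteNames -contains $_.Name })
$encrypted = @($hits | Where-Object { $_.Extension -eq '.animus' })

# Step 7: the key file dropped directly in %APPDATA%.
$keyPath = Join-Path $env:APPDATA '000000000.key'
$key     = @(Get-Item -LiteralPath $keyPath -Force -ErrorAction SilentlyContinue)

# Report what was found, with hashes, before anything is deleted.
$targets = $notes + $key
$targets | Select-Object FullName, Length, LastWriteTime,
    @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize -Wrap
'{0} ransom note(s), {1} key file(s), {2} encrypted .animus file(s).' -f `
    $notes.Count, $key.Count, $encrypted.Count

# Encrypted files are never touched; only the notes and the key file are removed.
if ($Remove) {
    $targets | Remove-Item -Force -Verbose
}
```

Steps 8 and 9 (suspicious downloads and emptying the trash) still have to be done by hand.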