Anubis Ransomware

Posted by Sarah Stewart on October 17, 2016

What is Anubis Ransomware?

If you come across a bunch of locked files, your Wallpaper has been changed, and you have found a new file on Desktop, you must have Anubis Ransomware on your system. Anubis Ransomware is a computer infection that enters systems without permission and then immediately locks personal files using the AES encryption algorithm. Specialists at anti-spyware-101.com have not found it surprising at all that this threat acts this way because it is based on the EDA2 engine, which is known to be an open-source ransomware infection. All ransomware infections are the same – they seek to obtain money from users. As the main goal of Anubis Ransomware is to extort money as well, it has been classified as a ransomware infection by specialists. Remove Anubis Ransomware and do not pay money it requires. No, it will not tell you immediately that you have to pay a ransom to get the private key to decrypt files. You will find out that the developers of Anubis Ransomware expect you to make a payment and the exact amount of money you have to transfer only when you contact cyber criminals by one of the provided email addresses (support.code@aol.com or support.code@india.com). It is definitely not a wise decision to give cyber criminals what they want because they will not stop developing malicious software. On top of that, it is known that you might receive nothing from them in exchange, i.e. the promised decryption tool might not be sent to you.testtest

What does Anubis Ransomware do?

The second Anubis Ransomware enters the computer, it starts communicating with its C&C (Command and Control) server which uses the IP address 190.14.37.177. It does that to create unique encryption keys to lock files, it stores the decryption key there, and it downloads an image with a ransom note from there. It will be set as Desktop background when all the personal files Anubis Ransomware manages to find on the computer are encrypted. It contains the following text:

HELLO

Time is the most valuable thing you can have.

At the moment all files on the computer encrypted.

Do you want to understand how to get your data and save time, whrite to this address:

support.code@aol.com

If you do not receive responses within 48 hours, write to support.code@india.com

Do not forget to read Decryption Instructions on your desktop.

If your personal files, including those having the .exe filename extension, have already been encrypted, you will also find a new file Decryption Instructions on Desktop. Even though it does not have an extension, you can easily open it with Notepad. You will find the message with a title Important Information there. Actually, you will not find anything new there except the unique ID that you have to send to cyber criminals if you decide to find out more information about the decryption possibilities. We can assure you that cyber criminals responsible for the presence of Anubis Ransomware on your computer will ask you to transfer them money in exchange for the decryption tool. Even though you see a bunch of locked files (they have the .coded filename extension), you should still not pay money for cyber criminals. It is very risky to do that because you might not get anything after making a payment. In other words, cyber crooks might take your money but do not give you the key for unlocking your files. Generally speaking, it might rob you two times in a row.

At the time of writing, unfortunately, a free tool to decrypt files does not exist, so the only way to get files back is to pay money to cyber criminals. As we have mentioned in the previous paragraph, there are no guarantees that you will receive the private key too after you make a payment, so it would be better to wait for the decryption software to be released in the future. It is very likely that specialists will develop a free tool one day, so do not hurry to erase those encrypted files from your computer.

Where does Anubis Ransomware come from?

Our researchers are not 100% sure, but they say that it is very likely that Anubis Ransomware has entered your computer because you have opened an infectious spam email attachment. Do you remember doing that? If so, there is no doubt that your files are all encrypted just because of that. Never open spam emails again even though they look like harmless documents, e.g. an invoice. In addition, you should have a reliable security application enabled on your system. If you miss a harmful infection and it sneaks onto your PC, a trustworthy automatic tool will stand in its way and, consequently, will not allow malware to travel further.

How to delete Anubis Ransomware

Your files will not be unlocked, but you have to delete Anubis Ransomware from your system as soon as possible. If it is the first time a ransomware infection has sneaked onto your PC, we are sure that you do not even know what to do to erase Anubis Ransomware from your system. Below-provided manual removal instructions should help you to eliminate this serious computer infection; however, if you still find the entire process too difficult to erase the infection alone, scan your computer with an automatic malware remover, such as SpyHunter. If you had this scanner installed before the entrance of this ransomware, you need to go to reinstall it before using it because Anubis Ransomware has blocked it too.

Remove Anubis Ransomware

  1. Locate the malicious file you have launched (it might be on Desktop, in the Downloads directory (%USERPROFILE%\Downloads), or another place).
  2. Delete it.
  3. Remove the Decryption Instructions file from Desktop.
  4. Change your Wallpaper.
  5. Empty the Recycle bin.
100% FREE spyware scan and
tested removal of Anubis Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *