1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

2/27/2018

0 Comments

All You Need to Know about the Annabelle Ransomware Virus

 
Annabelle ransomware

All You Need to Know about the Annabelle Ransomware Virus

Ransomware is a major security risk for individuals, businesses, organizations, and governments today.

As more and more sensitive data is stored online, cyber-criminals continue to find ways to profit from its destruction or leaking. The Annabelle virus is a recent example of how creative and damaging ransomware can be, though it ultimately poses less risk to victims than other, more severe viruses.

What is the Annabelle Ransomware Virus?

The Annabelle virus incorporates the titular character from the recent horror movies, based around a possessed doll first introduced in The Conjuring. The virus is designed to create maximum chaos in computers, by:

  • Disabling firewalls
  • Turning off Windows Defender
  • Encrypting files
  • Deactivating security programs
  • Infecting USB drives

All of this is bad enough and can leave your system a sitting duck. However, the Annabelle ransomware virus also replaces the target computer’s master boot record with a strange loader demanding payment in exchange for the infection’s removal.

Your computer can become infected by the Annabelle virus through malware ads, tainted downloads, fraudulent updates, and emails. It basically employs the same tactics other viruses have for years.

How Does the Annabelle Ransomware Virus Work?

Once the Annabelle virus has infiltrated your Windows computer, it will start to configure when you next boot it up. The infection shuts down Task Manager, Process Hacker, Chrome, Process Explorer, Notepad, Internet Explorer, Msconfig, and other programs you might depend on every day.

Your security defenses will be deactivated too, leaving you without Windows Defender and other systems you need.

The virus creates chaos in your system, spreading through autorun.inf files. However, this is ineffective against more recent versions of Windows, as they lack the autoplay feature.

The Annabelle ransomware virus will then begin to launch its encryption phase with a static key. It encrypts all of your media, documents, and databases, adding a new extension – ‘.annabelle’.

Once all of the pieces are in place, the ransomware virus reboots your computer. You will find it now locked, with a picture of the grotesque Annabelle accompanied by a ransom note.

It reads:

“How can I get my personal key? Well, you need to pay for it. You need to visit one of the special sites below & and then you need to enter your personal ID (you find it on the top) & buy it. Actually it costs exactly 0.1 Bitcoins”

What the culprits lack in good writing, they make up for in technique. The lock screen credits a creator referred to as iCoreX0812, and provides a means to reach them via Discord (a freeware VoIP app). 0.1 Bitcoin is worth just under $1000 at the time of writing, and paying the ransom would supposedly eliminate the virus from your computer.

Still, as it turns out, victims have no need to actually pay said price to decrypt their system.

Can You Remove the Annabelle Ransomware Virus?

The creator behind the Annabelle virus used a hard-coded key to develop it. As a result, it employs an identical key to infect every single computer, which enabled the resourceful Michael Gillespie to find a solution.

Gillespie is a malware security researcher and creator of ID Ransomware. He devised a special decryption tool able to restore files and remove the Annabelle virus with minimal hassle. He released this free of charge, demonstrating an altogether more positive, generous attitude than the person (or persons) behind the ransomware.

The Annabelle virus was made using Stupid Ransomware, and Gillespie updated his Stupid Decryptor tool as a solution.

Given the use of a static key, it’s believed that the creator of the ransomware was more interested in showing off their skills and causing chaos on victims’ systems rather than actually gaining any financial reward.

It’s unbelievable that someone would inflict such frustration and potential damage upon strangers just for their own amusement, but it seems to be the case. The effects of having an encrypted device could be incredibly costly and distressing, for individuals and businesses alike.

Cyber-criminals can utilize ransomware to disrupt governments or businesses, potentially costing them significant amounts of money out of maliciousness. Businesses lose more than $2K for each case of ransomware (on average), though the price of liberation can be much higher.

A ransomware attack cost the University of Calgary 20,000 CAD in May 2016, and ransomware was found to cost companies an overall $75 billion each year.

However, even if there was no solution for the Annabelle ransomware virus, you’re always recommended to refuse payment. Though it’s understandable that you would want to take the quickest option and take the culprit at their word, the people behind the attacks typically leave the encryption in place once they have their money, leaving victims to suffer the effects and seek their own fix.

The Annabelle virus differs from other ransomwares like Russenger and Cypher, as it used a static key. Others tend to employ algorithms creating unique decryption keys, essentially meaning that only the original developers can fix the issue.

For computers infected with a virus that cannot be decrypted, the only way to correct the problem is to restore a backup. This may still result in loss of data, which can be hugely problematic for businesses and organizations especially, but lets you start afresh.

Creating regular backups to preserve your data can help you minimize damage caused by potential ransomware, but you need to keep these on remote servers or external storage (which remain unplugged from the system itself, to avoid infection).

You can reduce your risk of falling prey to ransomware by being more careful online. Suspicious emails from questionable sources should be deleted straight away and never interacted with. Only download programs and applications from official sites, and make sure you keep your security updated for the most cutting-edge precautions.

The Annabelle ransomware virus is, thankfully, a lesser danger – but it serves as a powerful reminder to up your security game.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit