Thought leadership. threat analysis, news and alerts.
All You Need to Know about the Annabelle Ransomware Virus
Ransomware is a major security risk for individuals, businesses, organizations, and governments today.
As more and more sensitive data is stored online, cyber-criminals continue to find ways to profit from its destruction or leaking. The Annabelle virus is a recent example of how creative and damaging ransomware can be, though it ultimately poses less risk to victims than other, more severe viruses.
What is the Annabelle Ransomware Virus?
The Annabelle virus incorporates the titular character from the recent horror movies, based around a possessed doll first introduced in The Conjuring. The virus is designed to create maximum chaos in computers, by:
All of this is bad enough and can leave your system a sitting duck. However, the Annabelle ransomware virus also replaces the target computer’s master boot record with a strange loader demanding payment in exchange for the infection’s removal.
Your computer can become infected by the Annabelle virus through malware ads, tainted downloads, fraudulent updates, and emails. It basically employs the same tactics other viruses have for years.
How Does the Annabelle Ransomware Virus Work?
Once the Annabelle virus has infiltrated your Windows computer, it will start to configure when you next boot it up. The infection shuts down Task Manager, Process Hacker, Chrome, Process Explorer, Notepad, Internet Explorer, Msconfig, and other programs you might depend on every day.
Your security defenses will be deactivated too, leaving you without Windows Defender and other systems you need.
The virus creates chaos in your system, spreading through autorun.inf files. However, this is ineffective against more recent versions of Windows, as they lack the autoplay feature.
The Annabelle ransomware virus will then begin to launch its encryption phase with a static key. It encrypts all of your media, documents, and databases, adding a new extension – ‘.annabelle’.
Once all of the pieces are in place, the ransomware virus reboots your computer. You will find it now locked, with a picture of the grotesque Annabelle accompanied by a ransom note.
“How can I get my personal key? Well, you need to pay for it. You need to visit one of the special sites below & and then you need to enter your personal ID (you find it on the top) & buy it. Actually it costs exactly 0.1 Bitcoins”
What the culprits lack in good writing, they make up for in technique. The lock screen credits a creator referred to as iCoreX0812, and provides a means to reach them via Discord (a freeware VoIP app). 0.1 Bitcoin is worth just under $1000 at the time of writing, and paying the ransom would supposedly eliminate the virus from your computer.
Still, as it turns out, victims have no need to actually pay said price to decrypt their system.
Can You Remove the Annabelle Ransomware Virus?
The creator behind the Annabelle virus used a hard-coded key to develop it. As a result, it employs an identical key to infect every single computer, which enabled the resourceful Michael Gillespie to find a solution.
Gillespie is a malware security researcher and creator of ID Ransomware. He devised a special decryption tool able to restore files and remove the Annabelle virus with minimal hassle. He released this free of charge, demonstrating an altogether more positive, generous attitude than the person (or persons) behind the ransomware.
The Annabelle virus was made using Stupid Ransomware, and Gillespie updated his Stupid Decryptor tool as a solution.
Given the use of a static key, it’s believed that the creator of the ransomware was more interested in showing off their skills and causing chaos on victims’ systems rather than actually gaining any financial reward.
It’s unbelievable that someone would inflict such frustration and potential damage upon strangers just for their own amusement, but it seems to be the case. The effects of having an encrypted device could be incredibly costly and distressing, for individuals and businesses alike.
Cyber-criminals can utilize ransomware to disrupt governments or businesses, potentially costing them significant amounts of money out of maliciousness. Businesses lose more than $2K for each case of ransomware (on average), though the price of liberation can be much higher.
However, even if there was no solution for the Annabelle ransomware virus, you’re always recommended to refuse payment. Though it’s understandable that you would want to take the quickest option and take the culprit at their word, the people behind the attacks typically leave the encryption in place once they have their money, leaving victims to suffer the effects and seek their own fix.
The Annabelle virus differs from other ransomwares like Russenger and Cypher, as it used a static key. Others tend to employ algorithms creating unique decryption keys, essentially meaning that only the original developers can fix the issue.
For computers infected with a virus that cannot be decrypted, the only way to correct the problem is to restore a backup. This may still result in loss of data, which can be hugely problematic for businesses and organizations especially, but lets you start afresh.
Creating regular backups to preserve your data can help you minimize damage caused by potential ransomware, but you need to keep these on remote servers or external storage (which remain unplugged from the system itself, to avoid infection).
You can reduce your risk of falling prey to ransomware by being more careful online. Suspicious emails from questionable sources should be deleted straight away and never interacted with. Only download programs and applications from official sites, and make sure you keep your security updated for the most cutting-edge precautions.
The Annabelle ransomware virus is, thankfully, a lesser danger – but it serves as a powerful reminder to up your security game.
Steve E. Driz, I.S.P., ITCP