Blog

Ranstop blocks Annabelle ransomware

Test subject – Annabelle ransomware

As its name suggests, Annabelle is one of the most “horrific” ransomware of the last few months, probably inspired by the horror movie franchise with the same title. Its purpose is unlikely to produce revenues, but rather to create panic among its victims and to irreversibly damage data.

Annabelle ransomware test facts

We must admit that the malware is reasonably sophisticated. It starts by disabling anti-malware solutions, preventing the user to open specific applications, deletes volume shadow copies, replaces the standard Windows log-on procedure with one of its own, encrypts user files and then restarts the PC. The attacked files have “.ANNABELLE” extension. The user is presented with a recovery app for a limited amount of time. If the time runs out and the ransom is not paid, the system is brutally rebooted once more by triggering a BSOD (Blue Screen of Death), but not before the master boot record of the system drive is replaced. Upon reboot, a hilarious image is displayed without any easy possibility to recover anything from this point on. The same happens if the user gracefully restarts the system while the countdown is still on.

While it is not impossible to recover the encrypted data, as the malware is based on a decryptable and existing ransomware, the user has to follow some steps in a specific order. First, the original MBR has to be restored, then the IFEO (Image File Execution Options) registry entries need to be cleaned up. Once the system boots, with the help of existing decryptors, data decryption may be attempted. Finally, the system needs to be scanned for leftover, malware-related files. This process might prove tricky to many users, especially on some server setups.

More information is available at https://www.bleepingcomputer.com/news/security/the-annabelle-ransomware-is-a-horrific-mess.

Annabelle ransomware test results

TEMASOFT Ranstop detects this version of Annabelle ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, and the malicious process is stopped and quarantined. The encrypted files are automatically restored so that the user doesn’t lose any valuable document.


Click here to watch TEMASOFT Ranstop in action against Annabelle ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023