Annabelle Ransomware is a new vulnerability you should be careful about!


It has not been long since we talked about Spectre and Meltdown. Now a new piece of ransomware has been spotted online, called the Annabelle Ransomware. It was discovered by a security researcher named Bart.

What makes it stand out is that it overwrites the master boot record of the infected computer with its own bootloader, so it boots along with the OS. Once your computer has booted, the malware performs the following tasks to deploy and entrench itself:

  1. Terminates security programs.
  2. Disables Windows Defender.
  3. Turns off the Firewall Protection.
  4. Encrypts your data.
  5. Spreads through USB Drives.
  6. Runs a variety of programs.

The MalwareHunterTeam extracted the source code of the malware. They found that this ransomware executes automatically when the user logs in to their PC. It blocks programs such as Process Hacker, Process Explorer, MSConfig, Task Manager, Chrome and more that could be used to kill the ransomware's process.

The malware also makes modifications that stop programs such as Notepad, Notepad++, Internet Explorer, Chrome, bcdedit and more from running.

The ransomware spreads through Autorun.inf files. The latest version of Windows 10 doesn't support this much, so this method is useless there, but it still keeps Windows 10 vulnerable.
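For checking a USB drive before it is plugged into other machines, the following added example (not from the original article or from any researcher's analysis) parses the text of an `Autorun.inf` file and lists the entries that would launch a program. The sample content and file names are constructed for illustration and are not Annabelle's actual file names.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program to run: open, shellexecute,
# and shell\<verb>\command (a context-menu command for the drive).
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js", ".lnk"}

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased.
    Hand-rolled instead of configparser so junk lines do not abort parsing."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(text):
    """List (key, program) pairs that would start a program from the drive."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not EXEC_KEY.match(key):
            continue
        # The program is the first token; it may be quoted if it has spaces.
        m = re.match(r'"([^"]+)"|(\S+)', value)
        if not m:
            continue
        program = m.group(1) or m.group(2)
        if PureWindowsPath(program).suffix.lower() in RISKY_EXT:
            findings.append((key, program))
    return findings

# Constructed sample, not taken from a real infection.
SAMPLE = r"""
; comment line
[AutoRun]
open=payload_placeholder.exe /silent
icon=folder.ico
shell\open\command="tools\viewer placeholder.exe" %1
label=USB Drive
[Other]
open=ignored.exe
"""
```

Any result from `launch_targets` on a drive that is not installation media is worth a closer look at the named file before the drive is used elsewhere.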

To get your files back before the timer runs out, you have to pay the hacker 0.1 Bitcoin, and you would need to use the darknet to pay him.

Via: BleepingComputer
