Anonymous Ransomware

What is Anonymous Ransomware?

You have to take all of the necessary security measures to prevent Anonymous Ransomware from attacking your Windows operating system. This includes implementing reliable anti-malware software, scanning your PC regularly, installing necessary updates, and, most importantly, acting carefully when using your computer and browsing the web. According to the researchers of, the most common entry point for this infection is spam emails. The malicious launcher of this infection is camouflaged as a harmless-looking attachment, and the infection is unleashed upon opening this attachment. The worst part is that most users do not even realize that they are letting in malware, even when the attachment does not open as it should, which prevents them from taking action right away. Once this ransomware slithers in, it wreaks havoc, and deleting Anonymous Ransomware does not solve the problem.

How does Anonymous Ransomware work?

Do you value your personal files? If you do, it is most likely that you have backed them up (e.g., using a trusted external drive), in which case Anonymous Ransomware will not intimidate you. However, if backups of your most sensitive files do not exist, this malicious infection will have detrimental effects. This infection goes after your personal files, such as documents or photos, by encrypting them using a complex AES algorithm. In order to decipher your files, you need a decrypter, but this is what the creator of this ransomware will not provide you with. Cyber criminals rely on your need for this decrypter to make sure that you pay the ransom, which is $250. Right now, this sum converts to around 0.46 Bitcoins, and you need to use this virtual currency to make the payment. According to the notification that pops up on the screen right after the encryption of your personal files is completed, the only way to have your files decrypted is by paying the ransom, and we are sure that many users will rush to pay it. Just like CryptoHitman Ransomware, Jigsaw Ransomware, and other ransomware infections from this family, Anonymous Ransomware threatens to delete more and more files the longer you wait to pay the ransom. Here is an excerpt from the warning:

During the first 24 hour you will only lose a few items, actioned every hour
the second day a few hundred, the third day a few thousand.
If you turn off your computer, or attempt remove the virus or try to close this window, it will start up again and WILL delete 1000 files as a punishment.

The window introduced by the devious Anonymous Ransomware includes a button that opens a different window listing all of the files that are encrypted. As you might have noticed yourself, these files have the “.xyz” extension attached to them, which makes it very easy to identify them. Needless to say, this malicious threat is completely transparent, and you should realize right away that you have been hit by devious cyber criminals. There is no need for pretense or disguises as the encryption of the files leaves no other option but to pay the ransom. As mentioned previously, users who have their files backed up can easily remove any ransomware without fearing the loss of data. However, those who need to decrypt their files can be brought to their knees by the creators of ransomware. The good news is that there might be a way to decrypt the files affected by the malicious Anonymous Ransomware.

How to delete Anonymous Ransomware

According to our research, third-party decryption software capable of deciphering the encryption by Anonymous Ransomware might exist. When looking for the right decryption tool, make sure you do not get tricked into downloading useless, unwanted, or even malicious software. If you successfully decrypt your files, make sure you remove Anonymous Ransomware as soon as possible. The malicious components of this devious threat are still active on your PC, and you need to erase them before they are used in a malicious manner. We suggest terminating a malicious process called "Microsoft Defender.exe" first to ensure that the ransomware does not delete your personal files every hour. When it comes to removal, you might be deciding between the manual and automatic removal options. Obviously, if you install an anti-malware tool, it will clean malware from the PC and keep it protected in the future, which makes this your best option. If you still want to get rid of the ransomware manually, follow the instructions below.

Removal Instructions

  1. Tap keys Ctrl+Shift+Esc at the same time to launch Task Manager.
  2. Select the process called Microsoft Defender.exe and click End task/End process (we advise checking the location first, which should be C:\Users\[username]\AppData\Roaming\MS\).
  3. Tap keys Win+R at the same time to launch RUN.
  4. Type regedit.exe into the dialog box and click OK to launch Registry Editor.
  5. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Right-click and Delete the value named Defender.exe (we advise checking the value data first, which should include the path to C:\Users\[username]\AppData\Roaming\MS\).
  7. Tap Win+E keys at the same time to launch Explorer.
  8. Enter %APPDATA% into the bar at the top to access this directory.
  9. Right-click and Delete the folder named System32Work (we advise opening this folder first to see if it contains EncryptedFileList.txt, Address.txt, and dr files).
  10. Right-click and Delete the file named MS Defender.exe in the same %AppData% directory.
  11. Enter %LOCALAPPDATA% (Windows XP users enter %UserProfile%\Local Settings\Application Data) into the bar at the top of the Explorer window.
  12. Right-click and Delete the file named MS app_roaming.exe.
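
A read-only PowerShell check for the artifacts named in the steps above, added here as an example (it is not tooling from this article). It only reports what it finds so each item can be verified before it is ended or deleted. The process, value, folder and file names are the ones given in the instructions; the helper name Add-Finding is hypothetical, and the script assumes Windows Vista or later with PowerShell 3.0 or newer, so the Windows XP path from step 11 is not covered.

```powershell
# Read-only audit: nothing is terminated or deleted, findings are only listed.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Type, $Item, $Note) {   # hypothetical helper name
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Note = $Note })
}

# Steps 1-2: process "Microsoft Defender.exe", expected under %APPDATA%\MS\
$expectedDir = Join-Path $env:APPDATA 'MS'
Get-CimInstance Win32_Process -Filter "Name = 'Microsoft Defender.exe'" | ForEach-Object {
    $path = "$($_.ExecutablePath)"
    $note = if ($path.StartsWith($expectedDir, [StringComparison]::OrdinalIgnoreCase)) {
        'path matches the location given in step 2'
    } else {
        'path differs from step 2; inspect before ending it'
    }
    Add-Finding 'Process' "PID $($_.ProcessId): $path" $note
}

# Steps 5-6: Run value named Defender.exe, or any value data pointing into \AppData\Roaming\MS\
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$skip   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties | Where-Object { $_.Name -notin $skip } | ForEach-Object {
        if ($_.Name -eq 'Defender.exe' -or "$($_.Value)" -like '*\AppData\Roaming\MS\*') {
            Add-Finding 'RunValue' $_.Name "$($_.Value)"
        }
    }
}

# Steps 9-12: folder and files under %APPDATA% and %LOCALAPPDATA%
$paths = @(
    (Join-Path $env:APPDATA 'System32Work'),
    (Join-Path $env:APPDATA 'MS Defender.exe'),
    (Join-Path $env:LOCALAPPDATA 'MS app_roaming.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { Add-Finding 'Path' $p 'present' }
}

# Step 9: marker files the folder is expected to contain
foreach ($name in 'EncryptedFileList.txt', 'Address.txt') {
    $f = Join-Path $env:APPDATA "System32Work\$name"
    if (Test-Path -LiteralPath $f) { Add-Finding 'Marker' $f 'named in step 9' }
}

if ($findings.Count -eq 0) { 'No artifacts from the removal steps were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```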