Anubi Ransomware

What is Anubi Ransomware?

According to our cybersecurity experts, Anubi Ransomware is a recently released ransomware-type computer infection that can encrypt your files and then offer you to purchase a decryption tool/key to get them back. They even offer you to send three encrypted files, and they send you them back decrypted as proof that they can decrypt all of your files. However, your fill might not be worth the money, and there is no guarantee that the cybercrooks will keep their word. Therefore, we recommend that you remove this ransomware. For more details on this malicious program, please read this whole article.

What does Anubi Ransomware do?

Anubi Ransomware was designed to encrypt your files with a strong encryption algorithm to compel you to pay a ransom. It might encrypt your most valuable pictures, documents, audios, and video files, so you may be tempted to pay the ransom. Furthermore, it appends the encrypted files with a custom ".[anubi@cock.li].anubi" file extension and then drops a ransom note named "__READ_ME__.txt" in each folder where your files were encrypted. Note that this ransomware does not charge the original names of the files like some other ransomware-type programs do.

The ransomware note does not disclose the amount to be paid to decrypt your files. To find out how much you have to pay, you have to email the cyber criminals to anubi@cock.li. They want you to pay the ransom in Bitcoins in order not to be traced back.  They also say that they can decrypt three files that are no more than 1 MB in size for free as proof that they can decrypt all of your files. However, there is no guarantee that they will decrypt all of your files, so you need to take that into consideration. Also, your files might not be worth the money.

Where does Anubi Ransomware come from?

Since this ransomware is new, there is almost no information on how it is distributed. Our malware analysts say that it might come in deceptive emails that disguise Anubi Ransomware as an invoice in a PDF file. Also, it might come bundled with cracks and keygens of software featured on piracy websites. We have received a report that suggests that this ransomware is dropped in %HOMEDRIVE% and the name of its executable file is locker.exe. Furthermore, it creates a Point of Execution (PoE) named Adobe Acrobat Optimizer x86 at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run in Windows registry. Also, if you cannot find this ransomware in %HOMEDRIVE%, right-click Adobe Acrobat Optimizer x86 and see its value data which contains the file path to the executable. The PoE is set to execute this ransomware on each system startup and encrypt your files.

How do I remove Anubi Ransomware?

In closing, Anubi Ransomware is one malicious computer infection that can encrypt your files and demand that you pay money to get them back. You should not comply with the demand because the criminals behind this program might not keep their word and decrypt them. Therefore, we recommend that you delete Anubi Ransomware using our manual removal guide or SpyHunter, a powerful anti-malware tool that will make light work of this infection and protect your PC from other dangerous software.

Removal Guide

1. Hold down Windows+E keys.
2. Type %HOMEDRIVE% in the address box and press Enter.
3. Locate locker.exe, right-click it and click Delete.
4. Close File Explorer.
5. Delete all copies of __READ_ME__.txt
6. Hold down Windows+R keys.
7. Type regedit in the box and press Enter.
8. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
9. Find Adobe Acrobat Optimizer x86, right-click it and click Delete.
10. Close Registry Editor.
11. Right-click the Recycle Bin and click Empty Recycle Bin. Download Removal Tool100% FREE spyware scan and
    tested removal of Anubi Ransomware*

Stop these Anubi Ransomware Processes: