Annabelle Ransomware (.ANNABELLE)

  • Distribution Method : Unknown
  • MD5 : 0f743287c9911b4b1c726c7c7edcaf7d
  • Major Detection Name : Ransom-Anabelle!0F743287C991 (McAfee), Ransom_LEBANA.THBBBAH (Trend Micro)
  • Encrypted File Pattern : .ANNABELLE
  • Major Characteristics :
         - Offline Encryption
         - Stupid Ransomware series
         - After encryption completes, Windows reboots automatically (shutdown.exe -r -f -t 0) and displays a screen-lock message
         - Blocks execution of system tools (cmd.exe, gpedit.msc, msconfig.exe, taskmgr.exe, etc.) by adding registry values under Image File Execution Options
         - Disables system restore by deleting volume shadow copies (vssadmin delete shadows /all /quiet)
         - Turns off Windows Firewall (NetSh Advfirewall set allprofiles state off)
         - Turns off User Account Control (UAC)
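
The command lines and the Image File Execution Options change listed above can be matched in endpoint telemetry. The following is an added detection sketch, not code from AppCheck or the original page; the event layout (host, kind, detail), the host names and the two-behaviour threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Image names the page lists as blocked through Image File Execution Options (IFEO).
IFEO_TARGETS = {"cmd.exe", "gpedit.msc", "msconfig.exe", "taskmgr.exe"}
IFEO_KEY = re.compile(r"\\Image File Execution Options\\([^\\]+)", re.I)

# Command lines quoted on the page; tolerant of case, spacing and "-" vs "/" switches.
COMMAND_RULES = {
    "forced_reboot": re.compile(
        r"\bshutdown(\.exe)?\b(?=.*[-/]r\b)(?=.*[-/]f\b)(?=.*[-/]t\s+0\b)", re.I),
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "firewall_off": re.compile(
        r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+allprofiles\s+state\s+off\b", re.I),
}

def classify(event):
    """Return the name of the behaviour an event matches, or None."""
    if event["kind"] == "registry_set":
        m = IFEO_KEY.search(event["detail"])
        # Any value written under the IFEO key of a listed tool counts as a hit.
        return "ifeo_tool_block" if m and m.group(1).lower() in IFEO_TARGETS else None
    for name, rule in COMMAND_RULES.items():
        if rule.search(event["detail"]):
            return name
    return None

def triage(events, min_behaviours=2):
    """Map host -> sorted behaviours for hosts with >= min_behaviours distinct hits."""
    seen = defaultdict(set)
    for ev in events:
        hit = classify(ev)
        if hit:
            seen[ev["host"]].add(hit)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= min_behaviours}

# Constructed sample telemetry (assumed schema, not from a real incident).
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
SAMPLE_EVENTS = [
    {"host": "ws-01", "kind": "registry_set", "detail": IFEO + r"\taskmgr.exe\Debugger"},
    {"host": "ws-01", "kind": "process_create", "detail": "vssadmin delete shadows /all /quiet"},
    {"host": "ws-01", "kind": "process_create", "detail": "NetSh Advfirewall set allprofiles state off"},
    {"host": "ws-01", "kind": "process_create", "detail": "shutdown.exe -r -f -t 0"},
    {"host": "ws-02", "kind": "process_create", "detail": "vssadmin list shadows"},
    {"host": "ws-02", "kind": "process_create", "detail": "shutdown /s /t 60"},
    {"host": "ws-02", "kind": "registry_set", "detail": IFEO + r"\notepad.exe\Debugger"},
    {"host": "ws-03", "kind": "process_create", "detail": "vssadmin.exe Delete Shadows /All /Quiet"},
]
```

Requiring more than one distinct behaviour per host keeps a lone administrative command, such as the single shadow-copy deletion on ws-03, from raising an alert by itself.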