Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ann Ransomware

Ann Ransomware is very similar to Matrix9643@yahoo.com Ransomware or KOK8 Ransomware. However, the malicious applications have their differences as well, for example, they may create slightly different data, provide different names for their encrypted files, and so on. Our researchers also noticed, Ann Ransomware might be unable to encrypt some files, and in such case, it could create specific log files on the user’s Desktop. Next, the malware should display a ransom note asking only to email the infection’s developers. We are almost one hundred percent sure, the email from the threat’ developers would demand to pay a ransom, but as we will explain further in the article doing so might turn out to be a horrible idea. Thus, before making any decisions users who encounter it should learn more about this malicious application first. Should you decide to eliminate it after reading our report, we encourage you to use the instructions located at the end of this report.

To begin with, it is essential to explain how Ann Ransomware could get into the system. Usually, ransomware applications travel with Spam emails, unreliable software installers, or other suspicious data downloaded from the Internet. Still, it does not you will be safe as long as you keep away from doubtful email attachments or files from the torrent and other untrustworthy P2P file-sharing web pages. In some cases, such threats enter the computer while exploiting its weaknesses, which could appear because of outdated software or weak passwords. As an extra precaution, we would recommend installing a reliable antimalware tool too. It can stand guard and protect the system from various malicious applications; all you have to do is keep it up to date and enabled.

After entering the system, Ann Ransomware should drop a few files on %APPDATA%. Then it should start encrypting user’s files, for example, pictures, videos, documents, etc. In case, it fails to encrypt anything the infection could drop log files titled elog_.txt or similarly on the Desktop. It is easy to recognize encrypted files because once they are affected, they should be given names created from the AskHelp@protonmail.com email address and random characters, followed by .ANN extension. For instance, a document named, first_chapter.docx could become [AskHelp@protonmail.com].Cg7K9rQv-blKwNTrQ.ANN. Another thing that should indicate changes to the files and the system is a text document dropped on the user’s Desktop or locations containing enciphered files. The text document should be named #README_ANN#.rtf.

Inside of the mentioned text file (#README_ANN#.rtf) users should see a long message with instructions on how to contact the malware’s creators. Moreover, the hackers try to convince the user they will hold on to their promise and decrypt all the files Ann Ransomware affected if the user puts up with their demands. The message even claims the victim can send up to three unimportant files of small size for free decryption. Needless to say, this does not provide any guarantees the hackers will send you decryption tools. Given they will most likely ask to pay for such tools first, there is a possibility you could get scammed, and if you do not want this to happen, we recommend erasing Ann Ransomware.

There are two ways to get rid of the malware. Probably, the easiest one is to scan the computer with a reliable antimalware tool of your preferences. Afterward, it should display a list of detected threats, and the only thing you would need to do to remove them all is press the provided deletion button. The other option is to find all data created by the malicious application or belonging to it and erase it manually. This option might be more difficult, but if you are determined to eliminate Ann Ransomware manually, you could follow the instructions added below the text as they will explain the process in detail. Users who have more question about the removal instructions or the threat itself can leave us messages in the comments section too.

Erase Ann Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Choose Task Manager.
  3. Find the threat’s process.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Find the following paths:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Search for the file opened before the files got encrypted.
  9. Right-click the malware’s launcher and press Delete.
  10. Locate documents called #README_ANN#.rtf, then right-click them and press Delete.
  11. Go to this path: %APPDATA%
  12. Find randomly titled .bmp, .vbs, and .bat files.
  13. Right-click them one by one and select Delete.
  14. If there are any log files, for example, elog_.txt on the Desktop, remove them too.
  15. Close File Explorer.
  16. Empty Recycle bin.
  17. Reboot the system.
Download Spyware Removal Tool to Remove* Ann Ransomware
  • Quick & tested solution for Ann Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.