New Anatova Ransomware Supports Modules for Extra Functionality

Anatova Ransomware: Ransomware With Module Support

Recently, a team of malware researchers discovered a new member of the ransomware family, dubbed Anatova Ransomware, that targets users across the globe. Its name is taken from the ransom note because it doesn't append any file extension to locked files. It was first discovered on January 16 and has since infected a wide range of systems. Attacks have been reported around the world, with reports from the US and European countries including Germany, the UK, Belgium, France and many more. Based on a sample, researchers revealed that Anatova Ransomware includes an anti-analysis routine. It also supports numerous modules for performing extra functionality.

Get Familiar With The Modular Architecture of Anatova Ransomware

On peer-to-peer networks, Anatova Ransomware uses the icon of an application or game to lure users into downloading it. It loads two DLL files, which indicates that Anatova Ransomware is prepared to be extended, or made modular, with several functions in the future. A modular design lets its operators add all sorts of capabilities that would run before the file encryption routine executes.

In-Depth Information on the Anti-Analysis Process of Anatova Ransomware

Anatova Ransomware embeds a memory cleaning procedure to make itself more resilient. After getting onto the PC, it first checks the username of the logged-in user. If the username matches one on an internal list, the ransomware runs the cleaning process and then exits. Being ransomware, its main job is file encryption: it locks users' files, makes them unreadable and asks for a ransom fee to decrypt them. Anatova Ransomware appears to be a new player on the ransomware market, but it is very dangerous.


File Encryption Process of Anatova Ransomware

Anatova Ransomware is identified as a notorious and dangerous ransomware infection. It mainly targets system files that are 1 MB in size or smaller so that the encryption procedure runs quickly. Its encryption procedure is similar to that of other ransomware, but the most noticeable difference is that it doesn't append any specific file extension. It only adds a ransom note named ANATOVA.txt to every folder where at least one file is locked.
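Because locked files keep their original names, the ANATOVA.txt note and the 1 MB size limit described above are the practical markers for finding affected folders after an incident. The following Python script is an added example, not code from the original article or from the researchers it cites; the entropy threshold, the function names and the sample directory tree are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_NAME = "anatova.txt"    # ransom note name from the article, compared case-insensitively
SIZE_LIMIT = 1024 * 1024     # article: files of 1 MB or smaller are targeted
ENTROPY_MIN = 7.5            # assumption: bits per byte at or above this looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or random content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str) -> dict:
    """Map each folder holding the ransom note to its likely-encrypted files."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        if not any(f.lower() == NOTE_NAME for f in files):
            continue
        suspects = []
        for name in sorted(files):
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME or os.path.islink(path):
                continue
            try:
                if os.path.getsize(path) > SIZE_LIMIT:
                    continue  # larger than the size the article says is targeted
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue      # unreadable file: skip rather than abort the scan
            if shannon_entropy(data) >= ENTROPY_MIN:
                suspects.append(name)
        hits[folder] = suspects
    return hits

def demo() -> dict:
    """Constructed sample tree; os.urandom stands in for encrypted content."""
    root = tempfile.mkdtemp()
    samples = {"docs/ANATOVA.txt": b"", "docs/report.csv": os.urandom(4096),
               "docs/notes.txt": b"plain text " * 400, "clean/a.txt": b"hello"}
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return {os.path.relpath(k, root): v for k, v in triage(root).items()}
```

Compressed formats such as archives, images and office documents also score high on entropy, so treat the output as a candidate list to compare against backups.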

Detail View of Ransom Note Displayed By Anatova Ransomware

In the ANATOVA.txt file, the developers of Anatova Ransomware tell users that their files are locked and ask victims to pay 10 DASH to decrypt them, providing the email addresses [email protected] and [email protected]. But like other ransomware variants, the ransom note of Anatova Ransomware is also fake. The ransom note is nothing more than a trick used by hackers to deceive more and more users. By paying, you only encourage the hackers to pursue their evil intentions. Therefore, it is highly advised to get rid of Anatova Ransomware instead of contacting its developers or paying a large ransom fee.
