The Annabelle Ransomware Is a Horrific Mess https://www.bleepingcomputer.com/news/security/the-annabelle-ransomware-is-a-horrific-mess/
Recently Bitdefender has also released a decryptor for the Annabelle Ransomware. https://labs.bitdefender.com/2018/03/annabelle-ransomware-decryption-tool/ I'm not sure how much it differs from the BleepingComputer and MalwareHunterTeam tool. As far as I can tell from the Bitdefender site, you have to recover the MBR but it doesn't give guidelines for that. The BleepingComputer article points to RKill for replacing the MBR. The Bitdefender decryptor is also listed at the No More Ransom project: https://www.nomoreransom.org
Trends 2018: The ransomware revolution https://www.welivesecurity.com/2018/03/07/ransomware-revolution/
Zenis Ransomware Encrypts Your Data & Deletes Your Backups March 16, 2018 https://www.bleepingcomputer.com/ne...-encrypts-your-data-and-deletes-your-backups/
New R2D2 Technique Protects Files Against Wiper Malware March 21, 2018 https://www.bleepingcomputer.com/ne...chnique-protects-files-against-wiper-malware/
The AVCrypt Ransomware Tries To Uninstall Your AV Software March 23, 2018 https://www.bleepingcomputer.com/ne...nsomware-tries-to-uninstall-your-av-software/
Rapid 2.0 Ransomware Released, Will Not Encrypt Data on PCs with Russian Locale March 23, 2018 https://www.bleepingcomputer.com/ne...-not-encrypt-data-on-pcs-with-russian-locale/
The Week in Ransomware - March 23rd 2018 - Govt Infections, Zenis, and More March 23, 2018 https://www.bleepingcomputer.com/ne...rch-23rd-2018-govt-infections-zenis-and-more/
The DiskWriter or UselessDisk BootLocker May Be A Wiper March 24, 2018 https://www.bleepingcomputer.com/ne...ter-or-uselessdisk-bootlocker-may-be-a-wiper/
Of note about this bugger is none of the AI engines on VT are detecting it. This also explains why Windows Defender also isn't. Hey, but people believe signature detection is useless - right? No, wrong.
Typical MBR locker. Anything that will stop the mechanism of the Petya's will squash this one.The only mystery here is why anyone would waste the time to code it (Entrance Exam to Blackhat U?).
Unlike Petya, this malware is a diskwiper; not ransomware. The ransomware screen is totally bogus. Per the bleepingcomputer.com article, this bugger also wipes the MFT. So there is no way to recover your files.
What I meant was that the products that had the anti-MBR trasher in place will stop this one quite nicely.
About the only thing to do would be a Restore, but God Forbid if folk are using security solutions that would allow it in the first place. The malware itself is nothing special; Petya (Green flavour) and Satana also messed with the MFT, and the NotPetya variant was also called a wiper. But any of these actions needs direct disk access to work, so the generic block to this process (seen in about all anti-ransomware products and any AV worth using) stops this malware.
Hi Cruelsister You are so right. Anything that detects ransomware at work means you are already infected. People just don't get that.
Organizations blame legacy antivirus protection for failed ransomware prevention https://www.helpnetsecurity.com/2018/03/29/failed-ransomware-prevention/
Power Company in India Hacked and Billing Data Ransomed for 10 Million Rupees March 29, 2018 https://www.bleepingcomputer.com/ne...-billing-data-ransomed-for-10-million-rupees/
