1 of 2
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Slow internet connection
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Anonpop Ransomware

Anonpop Ransomware is not like any other known ransomware infection. Even though it demands a ransom like such well-known ransomware infections as KozyJozy Ransomware, Mircop Ransomware, and Crypt38 Ransomware, the truth is that it does not lock any personal files users store on their computers. Instead, it finds them all and then deletes them. As this ransomware infection deletes files, there is no point in paying for the decryption tool because you will get nothing in return from cyber criminals. Even if the decryption tool existed, it would not recover deleted files for you. Therefore, we suggest that you remove Anonpop Ransomware from the system as soon as possible and then try to recover your deleted files using free recovery tools that can be downloaded from the Internet. You will find all the necessary information regarding the Anonpop Ransomware removal in this article.

Unlike other ransomware infections, Anonpop Ransomware does not encrypt files the moment it sneaks onto the computer even though it says so. Researchers have revealed that this threat immediately deletes files found in the following folders and drives:

  • %USERPROFILE%\Documents\
  • %USERPROFILE%\Downloads\
  • %USERPROFILE%\Pictures\
  • %USERPROFILE%\Music\
  • %USERPROFILE%\Videos\
  • %USERPROFILE%\Contacts\
  • %USERPROFILE%\Favorites\
  • %USERPROFILE%\Searches\
  • C:\Program Files\Google\
  • C:\Program Files\Windows Defender\
  • C:\Program Files\Mozilla Firefox\
  • C:\Program Files\Internet Explorer\
  • C:\Program Files (x86)\Google\
  • C:\Program Files (x86)\Internet Explorer\
  • C:\Program Files (x86)\Mozilla Firefox\
  • %AppData%\Local\Temp\
  • %USERPROFILE%\Desktop\
  • D:\
  • E:\
  • F:\
  • H:\
  • G:\
  • I:\

After it deletes them all (including pictures, music, videos, and other valuable files) from the system, it downloads the .jpg file and then opens it to cover Desktop. It does that in order not to allow users to access their programs, files, and use the computer normally. Fortunately, the ransom note can be removed by pressing Windows key + D on the keyboard.

The message that will appear on your screen will contain the picture of Guy Fawkes’ mask, and it will try to convince you that “your computer files have been crypted and moved to a hidden encrypted partition on your computer”, and you need to transfer money to get the “decryption password and simple instructions to restore all your files and computer to normal instantly.” It is said that the price of the password will be $125 if you pay within 24 hours and it will reach $199 if you make a payment after 24 hours have passed. Also, it is said that all the files will be deleted after 72 hours if the payment is not received. This message does not contain the detailed information on how to make a payment. Instead, users are instructed to write an email to websupport16@yandex.com. As you already know, Anonpop Ransomware deletes all the files the moment it slithers onto the computer. Therefore, you should not even bother writing an email and thus paying money for the decryption tool.

In order to convince users that everything is very serious here, Anonpop Ransomware adds the startup item Anonpop and the entry in the Run registry key. Therefore, you will see the alert saying that the computer will be turned off in 60 seconds. Unfortunately, it tells the truth – your computer will shut down in 1-2 minutes and nothing will change if you reboot it, which means that you will not be allowed to use your computer normally unless you delete Anonpop Ransomware from your computer fully.

As you already know how Anonpop Ransomware acts, we should now turn to its distribution. Researchers working at pcthreat.com have managed to find out that this ransomware infection is usually distributed via spam emails. These emails usually pretend to be complaints from the Office of The Attorney General. They always contain an attachment inside, which is usually a .zip archive. Users who download the archive and open the .pdf file they find inside allow the ransomware infection to enter their systems immediately. As other ransomware infections are distributed the same way, we suggest that you ignore spam emails completely no matter they are sent from a person you know or a reliable company. Also, we recommend installing security software to protect the system from future harm.

Anonpop Ransomware is not an ordinary piece of software that can be removed from the system easily. Therefore, we have decided to help you to get rid of it by sharing our manual removal instructions with you. Feel free to use them but keep in mind that it might not be enough to remove Anonpop Ransomware only because other infections might be hiding on your computer and performing activities behind your back as well. Do not worry; they can be easily found by scanning the system with an automatic malware remover, e.g. SpyHunter. The diagnostic version of this tool can be downloaded easily from our website pcthreat.com free of charge.

Delete Anonpop Ransomware

  1. Tap Windows key + D to remove the ransom note.
  2. Launch RUN (Win+R).
  3. Enter cmd and tap Enter.
  4. Type shutdown /a.
  5. Tap Enter.
  6. Close the Command Prompt.
  7. Launch RUN again and enter regedit.exe.
  8. Click OK.
  9. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Find and delete the Anonpop value (the name might consist of random letters too).
  11. Close the Registry Editor and tap Ctrl+Shift+Esc.
  12. Open the Processes tab.
  13. Find the Anonpop process, right-click on it, and click End Process.
  14. Find the malicious file you have downloaded and remove it.
  15. Empty the Recycle bin and restart your computer.
Download Spyware Removal Tool to Remove* Anonpop Ransomware
  • Quick & tested solution for Anonpop Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.