Anonymous Ransomware

Anonymous Ransomware is known to be a serious computer infection that might cause much harm. It usually enters computers without permission and then immediately starts encrypting personal files users keep on their computers. It did not take much time for specialists working at pcthreat.com to find out how this infection works because they have immediately noticed that it is simply another version of the well-known Jigsaw Ransomware that used to be popular. Anonymous Ransomware, like other ransomware infections, seeks to steal money from users, so it encrypts files in order to be able to ask users to pay a ransom. As in the case with Jigsaw Ransomware, we suggest that you delete this infection as soon as possible and do not send money to cyber criminals. We suggest keeping the money to yourself because a) the free tool for recovering files exists and b) you might not get anything from cyber criminals because they just seek to receive money from users. It is not that easy to eliminate the ransomware infection from the system because it creates its own process in the Task Manager, creates new files in %LOCALAPPDATA%, %APPDATA%, and %UserProfile%\Local Settings\Application Data directories, and, finally, it puts the Value in the Run registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run). Therefore, specialists have decided to help you to delete Anonymous Ransomware from the system.

Researchers are sure that Anonymous Ransomware will encrypt all the personal files it manages to find installed on the computer, including those which have the following filename extensions: .3gp, .aep, .png, .pot, .txt, .gif, .flv, .indb, .jar, .java, .prel, .potx, .max, .msg, .mid, .mp3, .mp4, .mpeg, .mpg, and .jpg. The ransomware infection will assign the .xyz extension, which means that you will see that the majority of your files have two filename extensions, e.g. picture.jpg.xyz and mysong.mp3.xyz after Anonymous Ransomware finishes its main job. To inform users about the situation, this computer infection also creates a window with the symbol of the Anonymous group in order to look more dangerous. It will be put on Desktop, but it will not lock it. Below is an excerpt of the ransom note you will see if Anonymous Ransomware enters your computer:

Your data has now been fully encrypted

But don’t worry! This can be temporary

Follow the instructions and this virus will decrypt all the data and then remove itself.

However, time is crucial. Every hour, it will select some of them, and delete permanently.

Many users decide to pay the ransom of $250 because they do not want to lose their files. To be frank, specialists at pcthreat.com do not think that it is very clever to pay money for cyber criminals because the free decryptor exists, and there are no guarantees that cyber criminals will decrypt files after they receive money, in the first place. If we have convinced you to keep the money to yourself, you still need to remove Anonymous Ransomware as soon as possible because it deletes files every time the clock reaches zero. In addition, it will delete a great deal of data if you restart the computer and it re-launches.

There are so many ransomware infections these days, and they all seek to extort money from users. We are sure that you do not want to lose your files again, so we have decided to provide you several pieces of advice in order to help you to prevent malware from slithering onto the computer. First of all, you should ignore all spam emails without exception because such threats are usually distributed through spam emails. To be more specific, researchers have observed that ransomware infections travel as spam email attachments. As they usually look like innocent files, users open them and thus allow the ransomware to enter their computers the same second. Secondly, it is very important to download applications from reliable sources only in order not to download malware alongside them. Finally, security experts say that it would be smart to install security software on the computer.

As the Anonymous Ransomware removal is a difficult task, we suggest that you use our manual removal guide to get rid of this threat manually. We suggest performing the full system scan with SpyHunter after the deletion of this threat to eliminate all other infections and to make sure that no other components of the ransomware infection hide on the computer. As we have already told you, your personal files will not be unlocked, but we are sure that the free decryptor you can download from the web will help you to gain access to them.

Remove Anonymous Ransomware

1. Tap Ctrl+Shift+Esc.
2. Open the Processes tab.
3. Locate the process Microsoft Defender.exe, right-click on it, and select End Now.
4. Close the Task Manager and tap Win+E simultaneously.
5. Type %LOCALAPPDATA% in the bar.
6. Locate MS app_roaming.exe and delete it.
7. Go to %UserProfile%\Local Settings\Application Data and delete MS app_roaming.exe.
8. Enter %APPDATA% in the address bar.
9. Remove these files: MS Defender.exe, System32Work, Address.txt, dr, and EncryptedFileList.txt.
10. Launch RUN (Win+R).
11. Enter regedit.exe.
12. Tap Enter.
13. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
14. Locate the Value Defender.exe having Data C:\Users\user\AppData\Roaming\MS\Defender.exe.
15. Right-click on it.
16. Click Delete.
17. Remove the malicious file you have downloaded from the spam email.
18. Empty the Recycle bin and reboot your computer.