Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Anoncrack Ransomware

If your computer were to become infected with Anoncrack Ransomware, then it would encrypt your pictures and documents and then offer you to buy a decryption key to get them back. However, you should not trust its creators as they can trick you and not send you the decryption key. Therefore, we recommend that you remove it from your computer as soon as you can. Apparently, this ransomware is distributed using deceptive tactics, so you will not see it coming unless you have a powerful anti-malware program on your PC to stop it dead in its tracks. For more details on this malicious program, please read this article.

Anoncrack Ransomware was configured to encrypt documents and pictures specifically because they are the most likely file types to be of any value to the user. The encryption method used by this ransomware is not known at the moment, but it is likely that it uses the AES, RSA or a combination of both encryption methods. We believe that the resulting encryption should be quite strong, so decrypting your files using a third-party decryption toll may not be a viable option. While encrypting your files, this ransomware was set to append them with a custom “.crack” file extension that acts as a marker for encrypted files. Interestingly, we have received information that suggests that this program was designed to target older computers with 32-bit Intel 386 processors which have been outdated for years and almost no one uses them anymore.

Once Anoncrack Ransomware has completed encrypting your files, it is set to drop a ransom note into each folder where a file was encrypted. The name of this file is pago.txt, and it is a text file, so it is not malicious. It features instructions on how to pay the ransom, but the text is in Spanish only, so it was indented for Spanish speaking countries of Europe and South America. The developers of this ransomware want you to pay 30 USD worth of Bitcoins which does not seem that much. If you fail to pay within seven days, however, the ransom is set to increase to 100 USD. Still, you should refrain from paying it, especially if this ransomware encrypted unimportant files. The developers cannot be trusted because they might not send you the decryption key after they receive your money.

We have received information that the main executable of Anoncrack Ransomware could be Paypal Money Sender V2.0.exe as it can be disguised as a PayPal money sender app. Nevertheless, the name can be totally random. We have also found that this ransomware does not copy itself to a hidden location when it is executed. Hence, it will run from the folder from which you launched it.

As far as its distribution methods are concerned, we assume that it might be sent by email or could be featured on malicious websites that present it as a money sending app in order to trick users into running this ransomware willingly. Unfortunately, there is no concrete information on the distribution methods used, but the two distribution methods mentioned above are the most plausible. In case it is distributed via email, this ransomware should be attached to the email in and zipped. If you open the zipped file and run the ransomware, then its executable will be dropped in the %TEMP% folder. In most other cases (if you download it manually) it will be dropped in your Downloads folder or specified folder.

So there you have it. This is all of the information currently available about Anoncrack Ransomware. It is highly malicious as it can encrypt your pictures and documents in an effort to make you give them money for a decryption key that you might not receive. Therefore, we recommend that you take action immediately and remove this ransomware using an anti-malware program such as SpyHunter or our manual removal guide featured below.

Removal Guide

  1. Press Win+E keys.
  2. In the File Explorer’s address box, enter the following file paths.
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
    • %TEMP%
  3. Identify the ransomware’s executable.
  4. Right-click it and click Delete.
  5. Right-click the Recycle Bin and click Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* Anoncrack Ransomware
  • Quick & tested solution for Anoncrack Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.