Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Anubi Ransomware

If Anubi Ransomware manages to crawl onto your system, you can be sure that your important files will be encrypted, which means that you may lose all of them if you do not have a recent backup copy somewhere safe. Nowadays people tend to use cloud storage to make backups, which is a great idea; however, some more sophisticated ransomware infections may be able to hack into such accounts and destroy your files there, too. Basically, the safest solution is still to have a removable drive that you only connect when backing up your files or copying them back after such a devastating attack like this one, for example. You are pushed to pay a ransom fee in order to get the decryption tool without which it is practically impossible to recover your files. However, there is never any guarantee that such cyber crooks will actually send anything to you other than another malware infection to extort even more money from you once you prove yourself willing to pay. We strongly recommend that your remove Anubi Ransomware immediately and then, you can transfer all your clean files back onto your hard disk.

We cannot yet confirm the mostly used distribution method for this ransomware program but we can tell you some possible ways these cyber criminals may try to spread their vicious threat. The number one on our list is definitely spamming campaigns because that is one of the most widely used methods. If you have opened a mail recently that was regarding a supposed urgent matter like an unpaid invoice or an issue with your credit card details in connection with an online purchase or a booking, it is quite likely that this mail had an attachment, too. This attached file can look like an image or a text document. In the first case, it is the malicious executable itself that is activated the moment you click to view this file. In the second case, this document downloads the executable in the background after you enable macros in your endeavor to see the content of this file. It is obvious that you cannot delete Anubi Ransomware without your files being encrypted. This is why it is so crucial that you try to prevent it from entering your system in the first place.

Another possibility is that you download a software crack or a serial key generator from a suspicious torrent page and instead of your targeted and promised file you end up with this dangerous ransomware program activated on your system. Yet another way for this infection to infiltrate your system is via remote desktop protocol (RDP) attacks, which requires you to have remote desktop software on your system that is configured weakly. But we cannot exclude the possibility of Exploit Kits as well that can take advantage of outdated browsers and drivers; therefore, it is vital that you keep your programs always up-to-date to prevent such malicious attacks from happening. Remember that you cannot remove Anubi Ransomware before it encrypts your files.

Some users reported that this ransomware may operate through an executable called "%HOMEDRIVE%\locker.exe" but you can find out for sure if you check your registry for a value name called "Adobe Acrobat Optimizer x86" in "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" registry key. This is the point of execution this ransomware sets up after you launch the malicious file. Creating this registry entry makes sure that this malware infection starts up automatically every time you log in to your Windows and it will also encrypt all your newly created files. This infection uses an AES algorithm to encrypt your important files, including your photos, documents, archives, and .exe files as well. The encrypted file get a ".[].anubi" extension. The ransom note text file called "__READ_ME__.txt" is dropped in every affected folder.

There is not detail in the ransom note regarding the amount you have to pay in Bitcoins but there is a suggestion that the sooner you pay, the cheaper you can get the decryption tool. You have to write an e-mail to "" for further details. We do not advise you to pay any money to these crooks because you cannot know for sure that they will send you the decryption tool or not. In fact, experience shows that most of the time such crooks simply disappear after they get your money. We advise you to act now and remove Anubi Ransomware from your system.

It is not too complicated to eliminate this dangerous ransomware program. We have included instructions for you below so that you can manually take care of this threat if you want to. However, if you are an inexperienced user, you may prefer an automated tool to clean your system. Thus, we recommend that you install a reliable and reputable anti-malware program, such as SpyHunter. If you want to avoid similar threats, you need to stay away from suspicious websites and refrain from clicking on third-party ads. Also, it is important that you update all your programs frequently.

How to remove Anubi Ransomware from Windows

  1. Press Win+R and type regedit. Click OK.
  2. Locate the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Acrobat Optimizer x86" registry value name.
  3. Check its value data for the location of the malicious executable and keep it in mind or copy it.
  4. Now, delete this value name.
  5. Close the registry editor.
  6. Press Win+E.
  7. Locate the malicious .exe file and delete it. If this file is not the one that you may have downloaded from a spam, you need to search for all suspicious files recently downloaded and bin them all.
  8. Bin all of the ransom note files.
  9. Empty your Recycle Bin.
  10. Restart your computer.
Download Spyware Removal Tool to Remove* Anubi Ransomware
  • Quick & tested solution for Anubi Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.