AnimusLocker Ransomware

AnimusLocker Ransomware is no doubt a vicious threat as it may damage the files located on the computer it infects and demand a ransom to pay in exchange for unlocking such data. Our researchers say the tone of the ransom note left behind by the malware might sound somewhat friendly, but users should not forget their files were locked illegally and in reality, there are no guarantees the hackers who wrote it would do as they say. In other words, if you decide to trust the malicious application’s developers, you might get scammed and lose not only your files but your money as well. If this scenario does not sound too good, we advise you to think this through carefully. If the user has any backup copies on cloud storage, removable media devices, or anywhere else there is hope some of the encrypted files could be restored. In which case, we do not recommend complying with the demands. Instead, it would be safer to erase AnimusLocker Ransomware. For more information, you could read the rest of this text, and if you need any help while deleting the malware, you should check the instructions placed below it too.

As usual for threats like AnimusLocker Ransomware, it was most likely distributed through malicious Spam emails, unsecured RDP connections, and so on. Meaning, it is possible it could have been avoided if the victim was more careful. First of all, it would be smart not to open files sent by someone you are not familiar with. If you fear the data that came with Spam could be in fact important, you should at least check it with a reliable antimalware tool first. Same goes for any other suspicious data downloaded from the Internet, for example, updates, software installers, etc. Next, it would be advisable to update all out-dated tools and replace old passwords that might be weak. Doing this may help you remove possible system’s vulnerabilities and so it might stop threats that get in while exploiting the computer’s weaknesses to settle in.

Unfortunately, if AnimusLocker Ransomware succeeds and enters the system, it could start encrypting user’s files at once. To our knowledge, the malware may target user’s documents, photos, videos, archives, and other files considered to be private and irreplaceable. During the process, each file should be marked with the .animus extension, for example, Hydrangeas.jpg.animus, Koala.jpg.animus, and so on. Data marked by this extension become unusable as it can be opened only with a particular decryption key and a tool. So far there is no news whether any of the volunteer IT specialists managed to create a free decryptor. Therefore, AnimusLocker Ransomware is considered to be undecryptable at the moment of writing. Naturally, users who have no other ways to restore their files might be thinking about the proposal suggested on the ransom note the malicious application should leave once it encrypts all targeted data. The note should be called ANIMUS_RESTORE.txt, and it might be dropped in every directory containing the malware along with two more of its copies.

The proposal from the malicious applications developers we just mentioned is to pay a ransom in exchange for decryption tools. Apparently, the hackers say they will send them as soon as they get the money and the victim contacts them. You should realize it yourself; there is a possibility it could go all wrong because you are required to pay first, and there are no guarantees AnimusLocker Ransomware developers will hold on to their word. In other words, they might not bother to send the promised decryption tools as they could take the transferred money without doing so. This is why we advise against paying the ransom and recommend deleting the malware instead.

If you have no intention of funding hackers behind AnimusLocker Ransomware, you should get rid of the malicious application at once. To eliminate it manually users should follow the instructions provided a bit below this article. In case the task seems too tricky we would recommend installing a reliable antimalware tool. Simply, perform a system scan with your chosen tool and then erase all identified infections by pressing the provided removal button.

Erase AnimusLocker Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the threat’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. See if you can locate the malicious file downloaded before the computer got infected.
9. Right-click the suspicious file and press Delete.
10. Check these locations:
    %ALLUSERSPROFILE%\Start Menu\Programs
    %APPDATA%\Microsoft\Windows\Start Menu\Programs
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\StartMenu\Programs
11. Look for the threat’s ransom notes, e.g., ANIMUS_RESTORE.TXT.
12. Right-click them and select Delete.
13. Delete the rest of the infection’s ransom notes located in the directories containing locked files.
14. Close File Explorer.
15. Empty Recycle bin.
16. Reboot the system.