Beware New Ransomware Anatova that targets gamer | How to Remove Anatova

anatovaSecurity researchers Valthek yesterday assigned a new ransomware family Anatova that is targeting consumers across the countries in Europe (Belgium, Germany, France, the UK).who see it as a serious warning created by skilled authors that can turn it into a multifunctional piece of malware.

Anatova just makes a file which was unusable and make a Ransome demanding message in “ANATOVA.TXT” text file. Anatova never add any extension to the encrypted files and also never change their symbolanatova

“We believe that Anatova can become a serious threat since the code is prepared for a modular extension,” the researchers noted

Anatova encrypts the file and then demand of 10 DAS coin, worth approximately $690 to unencrypts file.

This ransomware flattens with the help of multiple distribution routines, including:anatova

  • Spam emails;
  • Brute-force attacks
  • Hacked websites;
  • Repacked installers;
  • Drive-by downloads;
  • Cracks or keygens;
  • Fake updates, etc

anatovaThe malware will try to create a mutex with a hardcoded name (in this case: 6a8c9937zFIwHPZ309UZMZYVnwScPB2pR2MEx5SY7B1xgbruoO) but the mutex name changes in each sample. If the mutex is created and gets the handle, it will call the “GetLastError” function and look if the last error is ERROR_ALREADY_EXISTS or ERROR_ACCESS_DENIED. Both errors mean that a previous instance of this mutex object exists. If that is the case, the malware will enter in a flow of cleaning memory, that we will explain later in this post, and finish. (source McAfee )

Name Anatova
Type Ransomware
Distribution Spam emails, malicious files, hacked websites, drive-by downloads, fake updates, brute-force attacks, etc.
Discovery date January 16th, 2019
Extension None
Ransom note ANATOVA.TXT
Contact anatova2@tutanota.com or anatoday@tutanota.com
Decryptable? No
Elimination Scan your with Reimage or other software that is capable of detecting the payload

 

How to Avoid Anatova diseases while browsing the web.

1.Backup your files regularly. (if possible otherwise weakly)
2. Download and install comprehensive security software and keep it up to date
3. Install system and software patches on time
4. Do not casually open attachments or click on links inside spam emails
5. Avoid visiting high-risk websites, such as porn, gambling, or file-sharing
6. Do not use cracks/keygens tolls. Hacker love injecting malicious scripts into cracks
Be careful with torrents, as something like name.torrent.exe is malicious
7. Disable Adobe Flash – it is an old and unsafe technology that will soon be terminated

Anatova Overview

Anatova usually uses the icon of a game or application to try and fool the user into downloading it.anatova

How to Remove Anatova

First shutdown your system manually then, opened menu click “Restart“, while holding “Shift” button on your keyboard.
In the “choose an option” window click on the “Troubleshoot”, then select “Advanced options“.
In the advanced options menu select “Startup Settings” and click on the “Restart” button. In the following window, you should click the “F5” button on your keyboard. This will restart your operating system in safe mode with networking.

anatova remove

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore. If you face any problem then contact our team we will try to solve your problem.