Security researchers Valthek yesterday assigned a new ransomware family Anatova that is targeting consumers across the countries in Europe (Belgium, Germany, France, the UK).who see it as a serious warning created by skilled authors that can turn it into a multifunctional piece of malware.
Anatova just makes a file which was unusable and make a Ransome demanding message in “ANATOVA.TXT” text file. Anatova never add any extension to the encrypted files and also never change their symbol
Anatova encrypts the file and then demand of 10 DAS coin, worth approximately $690 to unencrypts file.
This ransomware flattens with the help of multiple distribution routines, including:
- Spam emails;
- Brute-force attacks
- Hacked websites;
- Repacked installers;
- Drive-by downloads;
- Cracks or keygens;
- Fake updates, etc
The malware will try to create a mutex with a hardcoded name (in this case: 6a8c9937zFIwHPZ309UZMZYVnwScPB2pR2MEx5SY7B1xgbruoO) but the mutex name changes in each sample. If the mutex is created and gets the handle, it will call the “GetLastError” function and look if the last error is ERROR_ALREADY_EXISTS or ERROR_ACCESS_DENIED. Both errors mean that a previous instance of this mutex object exists. If that is the case, the malware will enter in a flow of cleaning memory, that we will explain later in this post, and finish. (source McAfee )
|Distribution||Spam emails, malicious files, hacked websites, drive-by downloads, fake updates, brute-force attacks, etc.|
|Discovery date||January 16th, 2019|
|Contactfirstname.lastname@example.org or email@example.com|
|Elimination||Scan your with Reimage or other software that is capable of detecting the payload|
How to Avoid Anatova diseases while browsing the web.
1.Backup your files regularly. (if possible otherwise weakly)
2. Download and install comprehensive security software and keep it up to date
3. Install system and software patches on time
4. Do not casually open attachments or click on links inside spam emails
5. Avoid visiting high-risk websites, such as porn, gambling, or file-sharing
6. Do not use cracks/keygens tolls. Hacker love injecting malicious scripts into cracks
Be careful with torrents, as something like name.torrent.exe is malicious
7. Disable Adobe Flash – it is an old and unsafe technology that will soon be terminated
Anatova usually uses the icon of a game or application to try and fool the user into downloading it.
How to Remove Anatova
First shutdown your system manually then, opened menu click “Restart“, while holding “Shift” button on your keyboard.
In the “choose an option” window click on the “Troubleshoot”, then select “Advanced options“.
In the advanced options menu select “Startup Settings” and click on the “Restart” button. In the following window, you should click the “F5” button on your keyboard. This will restart your operating system in safe mode with networking.
If you cannot start your computer in Safe Mode with Networking, try performing a System Restore. If you face any problem then contact our team we will try to solve your problem.