AnonPop ransomware is a PC infection that may be spread via massive spam campaigns over the Internet. It deceives the victims into believing that it encrypts their data but in fact it deletes it from the system. AnonPop is a fake ransomware and demands an amount of $125 at first. The good news is files deleted by AnonPop can be restored following several approaches. The thorough reading of this article will take you to the solution of this nasty PC infection.
How does AnonPop ransomware infect the computer?
AnonPop ransomware may be concealed in spam e-mail messages that contain malicious URLs or attachments. Sometimes the ransomware could be hidden in the links of spammed comments. Many websites are not secured against referral and other types of spam. Another possible way of infection is through malicious URLs included in fake notifications, shares and messages in social media sites. Just one click on the fraudulent attachment or link will download the ransomware on the computer.
What is AnonPop ransomware?
The technique of AnonPop ransomware infection is not а traditional one. Instead of scanning for different types of file extensions and then encrypting the data, it automatically deletes all found files in the folders and drives mentioned below. This particular characteristic makes AnonPop a fake ransomware. Anyway, it demands a ransom payoff amounted to $125 at first.
Targeted folders of AnonPop fake ransomware are:
- %Documents%
- %Downloads%
- %Pictures%
- %Music%
- %Videos%
- %Contacts%
- %Favorites%
- %Searches%
- Google’s Folders
- Windows Defender’s Folders
- Mozilla Firefox’s Folders
- Internet Explorer’s Folders
- %AppData%\Local\Temp\
- %Desktop%
Here is a list of all drives that are hit by the fake ransomware:
→-> D:\ ,E:\ ,F:\ ,H:\ ,G:\ ,I:\
The interesting point is that all files that are essential for the regular performance of Windows operating system remain unviolated. Anyway, once the system is infected the user can’t access it. It’s because, at the next stage of infection, the ransomware downloads a JPG image and locks Windows desktop. Thus the access to everything on the computer is restricted. The creators of the ransomware have included the Anonymous face in the lock-screen wallpaper.
The ransom message on the lock-screen wallpaper states:
“Your computer and files ae encrypted
$125 within 24 hours. $199 after 24 hours
Operating system and files deleted after 72 hours
————write this information down—————
Email: [email protected]
The same information is on your desktop called
Payment_Instructions
Ransom Id:
BTC Address: 1HxkJ3vpcHgdt9yyY4XivdY9jKkcZH
IF YOU LOOSE THIS INFO YOU WILL NOT BE ABLE TO CONTACT US
Your computer files have been encrypted and moved to a hidden encrypted partition on your computer.
Without the decryption password you will not get them back.
No matter what you do the files will not re-appear and be decrypted until you pay.
Once payment is received you will get the decryption password and simple instructions to restore all your files and computer to normal instantly. Email us if you need assistance or have paid.
Email: supportfile@yandex(.)com
DO NOT LOOSE THE CONTACT INFO”
The lock-screen feature that restricts the access to whole system hint at modifications of values in the following registry keys:
- HKEY_USERS\.DEFAULT\Control Panel\Desktop
- HKEY_USERS\.DEFAULT\Control Panel\ScreenSaveActive
- HKEY_USERS\.DEFAULT\Control Panel\SCRNSAVE.EXE
- HKEY_USERS\.DEFAULT\Control Panel\ScreenSaveTimeOut
- HKEY_USERS\.DEFAULT\Control Panel\ScreenSaverIsSecure
Another feature of AnonPop ransomware is a pop-up message that once displayed leads to shutting down the computer.
Hopefully, the number of defrauded victims is not large.
Can deleted files by AnonPop fake ransomware be restored?
The good news is due to the ordinary technique of erasing the files from the computer, there are possible working approaches that can help for data recovery. A check for any backups and shadow volume copies can help you get right away in restoring some of the deleted files. Utilizing the Shadow Explorer software will contribute to finding all existing shadow volume copies of the files. Another approach is using data recovery software. Such kind of software will scan the sectors of the hard drive and recover files. There is no guarantee that all of the lost data will be restored, but it is highly possible to get most of the records back.
How to remove AnonPop fake ransomware?
No matter that AnonPop is not like the average ransomware in terms of the damage it does on the system, it still is a serious threat that has to be removed from the computer. Only after this action, the computer can work properly again. AnonPop ransomware infection can be easily removed with advanced anti-malware software. The ransomware makes the computer inaccessible as mentioned, so for the needs of successful removal of AnonPop, start the computer in Safe Mode. Then run a scan with the anti-malware software. It will find all files and objects associated with AnonPop ransomware. After the scan process, the ransomware can be completely removed from the computer.
