Infected with Animus Locker ransomware? Need to decrypt .animus files?

What is Animus Locker ransomware

Animus Locker ransomware is a relatively new virus that encrypts users' files on their machines, getting in through an unprotected network configuration. The first symptom of infection is the new extension .animus, which is added to all filenames on the user's PC. For example, 1.doc becomes 1.doc.animus. After encryption, users cannot use the encrypted files. Animus Locker is based on the AES and RSA-2048 algorithms, so decryption is very difficult but sometimes possible. The second symptom is the creation of ANIMUS_RESTORE.txt files containing the cybercriminals' demands. They want $100 for decryption but can easily trick their victims, so we recommend not paying them. Our recommendation is to remove Animus Locker ransomware and restore .animus files with recovery software. The ransom note has the following text:

# animus locker #
SORRY! Your files are encrypted.
File contents are encrypted with random key.
Random key is encrypted with RSA public key (2048 bit),
We strongly RECOMMEND you not to use any "decryption tools".
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price,
If you want to decrypt your files, you have to get RSA private key.
In order to get private key, write here:
j0ra@protonmail.com
########
!ATTENTION!
Attach file is 000000000.key from %appdata% to email message,
Without it we will not be able to decrypt your files
########
And pay 100$ on 1G5TThb5tcJ3LQbF4C4Tibgd9y7m3iYPFH wallet
If someone else offers you files restoring, ask him for test decryption,
Only we can successfully decrypt your files; knowing this can protect you from fraud.
You will receive instructions of what to do next.
# animus locker #


Update: Use the following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt .animus files, please follow our instructions below or, if you have any difficulties, contact us: submit@securitystronghold.com. We really can help to decrypt your files.

How Animus Locker ransomware infected your PC

Animus Locker gets onto users' PCs through an unprotected remote desktop configuration. Unfortunately, a universal tool capable of decrypting .animus files doesn't exist, but some users report that they successfully restored some files by recovering shadow copies. The virus targets English-speaking users but can also hit other users all over the world. Animus Locker was first found in late June 2018.

How to remove Animus Locker ransomware from your PC

To remove Animus Locker, follow the easy steps below.

1. Start your computer in Safe Mode with Networking. To do that, restart your computer and, before the system starts, hit F8 several times. This will stop the system from loading and will show the Advanced Boot Options screen. Choose the Safe Mode with Networking option from the list using the up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Animus Locker ransomware virus. Launch your Internet browser, download a reliable anti-malware program and start a full system scan. Once the scan is complete, review the scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of the newest viruses similar to Animus Locker ransomware: files, folders, registry keys.

 

Download Norton

*The trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Restore .animus files using shadow copies


  1. Download and run Stellar Data Recovery.
  2. Select the type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and the date that you want to restore them from, then press Scan.
  4. Once the scanning process is done, click Recover to restore your files.

Step 2: Remove the following files and folders of Animus Locker ransomware:

Related connections or other entries:

HKEY_USERS\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\MSFEEditor
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\996E.exe

Related files:

ANIMUS_RESTORE.txt
ANIMUS_RESTORE2.txt
ANIMUS_RESTORE3.txt
Ransom.exe
996E.exe
000000000.key
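
A read-only way to check a machine for the registry entries and files listed above, as an added PowerShell example that is not part of the original guide. The function name Get-AnimusIndicator and the default search root are assumptions; the script looks for the Run value under every loaded user hive rather than only the SID shown, and it also lists any surviving shadow copies, which the recovery steps on this page depend on.

```powershell
# Added example (not from the original guide): read-only triage for the
# Animus Locker indicators listed on this page. Nothing is deleted or changed.
# Run from an elevated prompt so all hives and shadow copies are visible.

# File names taken from the "Related files" list on this page.
$AnimusFileNames = 'ANIMUS_RESTORE.txt', 'ANIMUS_RESTORE2.txt', 'ANIMUS_RESTORE3.txt',
                   'Ransom.exe', '996E.exe', '000000000.key'

function Get-AnimusIndicator {
    param(
        # Assumption: user profiles are the first place to look (the note puts
        # 000000000.key in %appdata%). Pass other roots to widen the search.
        [string[]]$SearchRoot = @("$env:SystemDrive\Users")
    )

    # 1. Run value "MSFEEditor" in each loaded user hive.
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $run = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
        $val = Get-ItemProperty -Path $run -Name 'MSFEEditor' -ErrorAction SilentlyContinue
        if ($val) {
            [pscustomobject]@{ Type = 'RunValue'; Location = $run; Detail = $val.MSFEEditor }
        }
    }

    # 2. Image File Execution Options key for 996E.exe.
    $ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\996E.exe'
    if (Test-Path -Path $ifeo) {
        [pscustomobject]@{ Type = 'IFEOKey'; Location = $ifeo; Detail = 'key present' }
    }

    # 3. Named files from the list above (hidden files included via -Force).
    Get-ChildItem -Path $SearchRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $AnimusFileNames -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Detail = $_.LastWriteTime }
        }

    # 4. Surviving volume shadow copies, if any.
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Type = 'ShadowCopy'; Location = $_.VolumeName; Detail = $_.InstallDate }
        }
}

Get-AnimusIndicator | Sort-Object Type | Format-Table -AutoSize -Wrap
```

Copy 000000000.key and one ransom note to offline storage before deleting anything, since the note states that decryption depends on that key file.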

How to decrypt files infected by Animus Locker ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

Although the latest versions of Animus Locker ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use the standard System Restore to revive your data.

  1. Initiate the search for ‘system restore’
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.


  1. Right-click the file and choose Properties
  2. Open the Previous Versions tab
  3. Select the latest version and click Copy
  4. Click Restore

Protect your computer from ransomware

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use a different approach to protect against ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as a famous cloud-based anti-malware scanner. Check out the ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Written by Tim Kas
