Threat Intelligence ReportEclecticIQ Fusion Center Report: Annabelle Ransomware (Update) (English)

Security researchers have identified a new ransomware, named after the horror movie "Annabelle", which showcases a number of traditional ransomware features. This report details the observations seen by EclecticIQ Fusion Center analysts. 

Report from EclecticIQ Fusion Center from Thursday 1 March 2018.

Key Findings:

  • The Annabelle ransomware affects a user's computer by terminating various security and internet browsing programs, disabling Windows Defender and encrypting files. It then attempts to distribute itself using autoru.inf files, which is inefficient for systems using new versions of Windows
  • The encrypted file name includes a .ANNABELLE extension
  • It is based on the Stupid ransomware and is decrypted using an updated version of the StupidDecryptor key
  • The threat actor has been associated with previous malicious activity including DDoS activity and the Jigsaw ransomware

Download Resource

Download report and STIX entities See other resources