Annabelle: The Terrifying New Ransomware Variant

By ISBuzz Team
Writer, Information Security Buzz | Feb 23, 2018 01:00 pm PST

A new ransomware variant called Annabelle has been discovered, which seems to have been designed to ‘show off the skills’ of the developer who created it by being as difficult to deal with as possible. The ransomware terminates numerous security programs, disables Windows Defender, turns off the firewall, encrypts your files, tries to spread through USB drives, prevents a variety of programs from running, and overwrites the master boot record of the infected computer with a boot loader. Andy Norton, Director of Threat Intelligence at Lastline, commented below.

Andy Norton, Director of Threat Intelligence at Lastline:

“The more malicious things a piece of code does, the more alarm bells start ringing when scrutinised with behavioural analysis. Annabelle, by design, would simply not pose a threat to any organisation using behavioural analysis, because it exhibits too many bad functions. It sets off too many alarms. Qkg was interesting from a research perspective, because many machine learned behavioural algorithms were trained on ransomware encrypting many thousands of existing files and deleting shadow copy. Qkg did neither; instead it went after newly created files.”
