Ann ransomware (Removal Instructions) - Improved Guide

Ann virus Removal Guide

What is Ann ransomware?

Ann ransomware – a serious virus which modifies the Windows Registry to start its damaging activity

Ann ransomwareAnn ransomware - a file-encrypting virus which adds the .ANN extension to each corrupted file and turns them unusable.

Ann ransomware is a serious file-encrypting virus which infiltrates the system without being seen. Right after that, it starts its hazardous activity in the Windows Registry[1]. The ransomware-type virus makes changes by adding new registry entries to perform files' encryption. After the invasion, Ann virus appends the .ANN file extension to each locked document. It also drops a ransom note named #README_ANN#.rtf to inform its victims about the encrypted data and a need to pay a ransom. Cybercriminals urge victims to contact them via,, or email addresses, and pay the price for the decryption tool in 7 days. If the ransom is not paid during the given time limit – files will be permanently destroyed.

Name Ann
Type Ransomware
Extension .ANN
Ransom note #README_ANN#.rtf
Provided emails,,
Algorithm(s) used ABS-128, RSA-2048
Spreads by Spam messages
Elimination Use RestoroIntego to delete the ransomware-type virus from your PC system

Here is a piece of the ransom message displayed by Ann ransomware virus:



We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED

by our automatic software. It became possible because of bad server security.


Please don’t worry, we can help you to RESTORE your server to original

state and decrypt all your files quickly and safely!


Files are not broken!!!

Files were encrypted with ABS-128+RSA-2048 crypto algorithms.

There is no way to decrypt your files without unique decryption key and special software.

Your unique decryption key is securely stored on our server. For our safety, all

information about your server and your decryption key will be automaticaly DELETED

AFTER 7 DAYS! You will irrevocably lose all your data!

Please note that all the attempts to recover your files by yourself or using third party

tools will result only in irrevocable loss of your data!

Please note that you can recover files only with your unique decryption key, which

stored on our side. If you will use the help of third parties, you will only add a middleman.


Please write us to the e-mail (write on English or use professional translator):


Right after the infection, you might not notice anything suspicious at first. However, you can be sure that your computer is affected by Ann ransomware if you discover files with the .ANN appendix added to the. The encrypted data might include:

  • Text messages;
  • Databases;
  • Pictures;
  • Audio files;
  • Video files;
  • Etc.

Ann ransomware uses the ABS-128 and RSA-2048 algorithms[2] to lock up important data. Decryption keys are stored on remote servers and kept in reach only for the cybercrooks. That is what makes the file recovery almost impossible. As noticing that, cybercriminals offer the decryption tool in exchange for a particular amount of money. Usually, a type of cryptocurrency is demanded.

However, even if you are truly desperate, we advise avoiding any contact with the criminals. According to[3], victims are often likely to be scammed after the ransom is transferred. Also, due to the fact that such transfers remain secret, you are not able to get your money back. In order to avoid such losses, remove Ann virus from your computer as soon as possible. Download and install anti-malware help such as RestoroIntego to get rid of the serious threat permanently.

After you perform the Ann ransomware removal, make sure to keep your data safe in case another cyber attack happens. We are never completely safe while doing PC work. For such case, we recommend keeping important files on external devices such as iCloud or a USB drive. Securing your data in this way will let you avoid various corruptions.

Ann virusAnn virus is a serious cryptovirus which displays a typical ransom note and urges for money if the users want to decrypt their corrupted files.

Ransomware most commonly spreads through phishing messages

The most popular way, by which ransomware-type viruses distribute, are spam emails. Cybercriminals drop such messages to numerous users straight into their email boxes. Such content might come legal-looking. It can be an attachment or a link inserted inside the email message. However, if you are not expecting anything important recently, get rid of all phishing emails that you receive.

Some advice would be to download and install antivirus protection if you do not already have one. Such program will increase the security level and prevent your PC from various infections. Make sure that your antivirus is always kept up-to-date and functions properly.

Eliminate the Ann ransomware infection

To remove Ann virus from your computer system and prevent further damage, we recommend leaning on professional help. Download and install an anti-malware tool such as RestoroIntego, or Malwarebytes. The elimination might take a while but you will have a properly working computer at the end.

After you work on the Ann ransomware removal, make sure to perform one more step. Do some system backups to ensure that no virus-related components are still active on your PC.

For file decryption, you can look through the following methods. Some of them might be helpful.

do it now!
Restoro Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Restoro Intego, submit a question to our support team and provide as much details as possible.
Restoro Intego has a free limited scanner. Restoro Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Restoro, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Ann virus. Follow these steps

Manual removal using Safe Mode

Use Safe Mode with Networking to deactivate the virus:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Ann using System Restore

Try turning on the System Restore function to stay safe from the cyber attack:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Ann. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with RestoroIntego and make sure that Ann removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Ann from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Ransomware-type viruses are commonly known for their damaging ability – file encryption. If you see data with the .ANN appendix, you can be sure that your computer is affected by Ann virus. Try some data restoring methods for file recovery.

If your files are encrypted by Ann, you can use several methods to restore them:

Data Recovery Pro might help you get important data back:

If you use this tool as described in the instructions, it might let you recover some of your corrupted files.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Ann ransomware;
  • Restore them.

Try using Windows Previous Versions feature to unlock data:

Take notice that this method might work only if you have enabled the System Restore feature before the ransomware invasion.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer:

If the sneaky virus did not erase Shadow Volume Copies of the corrupted files, this method might let you restore some of your documents.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Ann and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions