Severity scale:  

Remove Ann ransomware (Removal Instructions) - Improved Guide

removal by Lucia Danes - - | Type: Ransomware

Ann ransomware – a serious virus which modifies the Windows Registry to start its damaging activity

Ann ransomware

Ann ransomware is a serious file-encrypting virus which infiltrates the system without being seen. Right after that, it starts its hazardous activity in the Windows Registry[1]. The ransomware-type virus makes changes by adding new registry entries to perform files' encryption. After the invasion, Ann virus appends the .ANN file extension to each locked document. It also drops a ransom note named #README_ANN#.rtf to inform its victims about the encrypted data and a need to pay a ransom. Cybercriminals urge victims to contact them via,, or email addresses, and pay the price for the decryption tool in 7 days. If the ransom is not paid during the given time limit – files will be permanently destroyed.

Name Ann 
Type Ransomware
Extension .ANN
Ransom note #README_ANN#.rtf
Provided emails,, 
Algorithm(s) used ABS-128, RSA-2048
Spreads by Spam messages
Elimination Use Reimage Reimage Cleaner Intego to delete the ransomware-type virus from your PC system

Here is a piece of the ransom message displayed by Ann ransomware virus:



We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED

by our automatic software. It became possible because of bad server security.


Please don’t worry, we can help you to RESTORE your server to original

state and decrypt all your files quickly and safely!


Files are not broken!!!

Files were encrypted with ABS-128+RSA-2048 crypto algorithms.

There is no way to decrypt your files without unique decryption key and special software.

Your unique decryption key is securely stored on our server. For our safety, all

information about your server and your decryption key will be automaticaly DELETED

AFTER 7 DAYS! You will irrevocably lose all your data!

Please note that all the attempts to recover your files by yourself or using third party

tools will result only in irrevocable loss of your data!

Please note that you can recover files only with your unique decryption key, which

stored on our side. If you will use the help of third parties, you will only add a middleman.


Please write us to the e-mail (write on English or use professional translator):


Right after the infection, you might not notice anything suspicious at first. However, you can be sure that your computer is affected by Ann ransomware if you discover files with the .ANN appendix added to the. The encrypted data might include:

  • Text messages;
  • Databases;
  • Pictures;
  • Audio files;
  • Video files;
  • Etc.

Ann ransomware uses the ABS-128 and RSA-2048 algorithms[2] to lock up important data. Decryption keys are stored on remote servers and kept in reach only for the cybercrooks. That is what makes the file recovery almost impossible. As noticing that, cybercriminals offer the decryption tool in exchange for a particular amount of money. Usually, a type of cryptocurrency is demanded.

However, even if you are truly desperate, we advise avoiding any contact with the criminals. According to[3], victims are often likely to be scammed after the ransom is transferred. Also, due to the fact that such transfers remain secret, you are not able to get your money back. In order to avoid such losses, remove Ann virus from your computer as soon as possible. Download and install anti-malware help such as Reimage Reimage Cleaner Intego to get rid of the serious threat permanently.

After you perform the Ann ransomware removal, make sure to keep your data safe in case another cyber attack happens. We are never completely safe while doing PC work. For such case, we recommend keeping important files on external devices such as iCloud or a USB drive. Securing your data in this way will let you avoid various corruptions.

Ann virusAnn virus is a serious cryptovirus which displays a typical ransom note and urges for money if the users want to decrypt their corrupted files.

Ransomware most commonly spreads through phishing messages

The most popular way, by which ransomware-type viruses distribute, are spam emails. Cybercriminals drop such messages to numerous users straight into their email boxes. Such content might come legal-looking. It can be an attachment or a link inserted inside the email message. However, if you are not expecting anything important recently, get rid of all phishing emails that you receive.

Some advice would be to download and install antivirus protection if you do not already have one. Such program will increase the security level and prevent your PC from various infections. Make sure that your antivirus is always kept up-to-date and functions properly. 

Eliminate the Ann ransomware infection

To remove Ann virus from your computer system and prevent further damage, we recommend leaning on professional help. Download and install an anti-malware tool such as Reimage Reimage Cleaner Intego, or Malwarebytes. The elimination might take a while but you will have a properly working computer at the end.

After you work on the Ann ransomware removal, make sure to perform one more step. Do some system backups to ensure that no virus-related components are still active on your PC.

For file decryption, you can look through the following methods. Some of them might be helpful.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Ann virus, follow these steps:

Remove Ann using Safe Mode with Networking

Use Safe Mode with Networking to deactivate the virus:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Ann

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Ann removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Ann using System Restore

Try turning on the System Restore function to stay safe from the cyber attack:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Ann. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Ann removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Ann from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Ransomware-type viruses are commonly known for their damaging ability – file encryption. If you see data with the .ANN appendix, you can be sure that your computer is affected by Ann virus. Try some data restoring methods for file recovery.

If your files are encrypted by Ann, you can use several methods to restore them:

Data Recovery Pro might help you get important data back:

If you use this tool as described in the instructions, it might let you recover some of your corrupted files.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Ann ransomware;
  • Restore them.

Try using Windows Previous Versions feature to unlock data:

Take notice that this method might work only if you have enabled the System Restore feature before the ransomware invasion.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer:

If the sneaky virus did not erase Shadow Volume Copies of the corrupted files, this method might let you restore some of your documents.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Ann and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions


Your opinion regarding Ann ransomware