Severity scale:  
  (98/100)

Ann ransomware. How to remove? (Uninstall guide)

removal by Lucia Danes - - | Type: Ransomware

Ann ransomware – a serious virus which modifies the Windows Registry to start its damaging activity

Ann ransomware
Ann ransomware - a file-encrypting virus which adds the .ANN extension to each corrupted file and turns them unusable.

Ann ransomware is a serious file-encrypting virus which infiltrates the system without being seen. Right after that, it starts its hazardous activity in the Windows Registry[1]. The ransomware-type virus makes changes by adding new registry entries to perform files' encryption. After the invasion, Ann virus appends the .ANN file extension to each locked document. It also drops a ransom note named #README_ANN#.rtf to inform its victims about the encrypted data and a need to pay a ransom. Cybercriminals urge victims to contact them via AskHeIp@protonmail.com, AskHeIp@tutanota.com, or AskHeIp@india.com email addresses, and pay the price for the decryption tool in 7 days. If the ransom is not paid during the given time limit – files will be permanently destroyed.

Name Ann 
Type Ransomware
Extension .ANN
Ransom note #README_ANN#.rtf
Provided emails AskHeIp@protonmail.com, AskHeIp@tutanota.com, AskHeIp@india.com 
Algorithm(s) used ABS-128, RSA-2048
Spreads by Spam messages
Elimination Use Reimage to delete the ransomware-type virus from your PC system

Here is a piece of the ransom message displayed by Ann ransomware virus:

HOW TO RECOVER YOUR FlLES lNSTRUCTlON

ATENTION!!!

We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED

by our automatic software. It became possible because of bad server security.

ATENTION!!!

Please don’t worry, we can help you to RESTORE your server to original

state and decrypt all your files quickly and safely!

INFORMATION!!!

Files are not broken!!!

Files were encrypted with ABS-128+RSA-2048 crypto algorithms.

There is no way to decrypt your files without unique decryption key and special software.

Your unique decryption key is securely stored on our server. For our safety, all

information about your server and your decryption key will be automaticaly DELETED

AFTER 7 DAYS! You will irrevocably lose all your data!

Please note that all the attempts to recover your files by yourself or using third party

tools will result only in irrevocable loss of your data!

Please note that you can recover files only with your unique decryption key, which

stored on our side. If you will use the help of third parties, you will only add a middleman.

HOW TO RECOVER FILES???

Please write us to the e-mail (write on English or use professional translator):

AskHeIp@protonmail.com
AskHeIp@tutanota.com
AskHeIp@india.com

<….>

Right after the infection, you might not notice anything suspicious at first. However, you can be sure that your computer is affected by Ann ransomware if you discover files with the .ANN appendix added to the. The encrypted data might include:

  • Text messages;
  • Databases;
  • Pictures;
  • Audio files;
  • Video files;
  • Etc.

Ann ransomware uses the ABS-128 and RSA-2048 algorithms[2] to lock up important data. Decryption keys are stored on remote servers and kept in reach only for the cybercrooks. That is what makes the file recovery almost impossible. As noticing that, cybercriminals offer the decryption tool in exchange for a particular amount of money. Usually, a type of cryptocurrency is demanded.

However, even if you are truly desperate, we advise avoiding any contact with the criminals. According to SenzaVirus.it[3], victims are often likely to be scammed after the ransom is transferred. Also, due to the fact that such transfers remain secret, you are not able to get your money back. In order to avoid such losses, remove Ann virus from your computer as soon as possible. Download and install anti-malware help such as Reimage to get rid of the serious threat permanently.

After you perform the Ann ransomware removal, make sure to keep your data safe in case another cyber attack happens. We are never completely safe while doing PC work. For such case, we recommend keeping important files on external devices such as iCloud or a USB drive. Securing your data in this way will let you avoid various corruptions.

Ransomware most commonly spreads through phishing messages

The most popular way, by which ransomware-type viruses distribute, are spam emails. Cybercriminals drop such messages to numerous users straight into their email boxes. Such content might come legal-looking. It can be an attachment or a link inserted inside the email message. However, if you are not expecting anything important recently, get rid of all phishing emails that you receive.

Some advice would be to download and install antivirus protection if you do not already have one. Such program will increase the security level and prevent your PC from various infections. Make sure that your antivirus is always kept up-to-date and functions properly. 

Eliminate the Ann ransomware infection

To remove Ann virus from your computer system and prevent further damage, we recommend leaning on professional help. Download and install an anti-malware tool such as Reimage, or Plumbytes Anti-MalwareNorton Internet Security. The elimination might take a while but you will have a properly working computer at the end.

After you work on the Ann ransomware removal, make sure to perform one more step. Do some system backups to ensure that no virus-related components are still active on your PC.

For file decryption, you can look through the following methods. Some of them might be helpful.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Ann ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Ann ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Ann ransomware (2018-08-08)
Malwarebytes
We have tested Malwarebytes's efficiency in removing Ann ransomware (2018-08-08)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Ann ransomware (2018-08-08)
Malwarebytes
We have tested Malwarebytes's efficiency in removing Ann ransomware (2018-08-08)

To remove Ann virus, follow these steps:

Remove Ann using Safe Mode with Networking

Use Safe Mode with Networking to deactivate the virus:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Ann

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Ann removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Ann using System Restore

Try turning on the System Restore function to stay safe from the cyber attack:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Ann. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Ann removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Ann from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Ransomware-type viruses are commonly known for their damaging ability – file encryption. If you see data with the .ANN appendix, you can be sure that your computer is affected by Ann virus. Try some data restoring methods for file recovery.

If your files are encrypted by Ann, you can use several methods to restore them:

Data Recovery Pro might help you get important data back:

If you use this tool as described in the instructions, it might let you recover some of your corrupted files.

Try using Windows Previous Versions feature to unlock data:

Take notice that this method might work only if you have enabled the System Restore feature before the ransomware invasion.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use Shadow Explorer:

If the sneaky virus did not erase Shadow Volume Copies of the corrupted files, this method might let you restore some of your documents.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Ann and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes Malwarebytes or Plumbytes Anti-MalwareNorton Internet Security

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References