.Anonimus.mr@yahoo.com virus is a crypto malware that originates from Animus actors

.Anonimus.mr@yahoo.com virus is a new threat that appeared early August 2018. According to researchers, authors of Animus switched over to using Scarab ransomware code. Extortionists use AES[1] military-grade encryption algorithm to lock up personal data, which makes files unusable and appends the .anonimus.mr@yahoo.com extension to each of the affected files. Unfortunately, only hackers have access to the decryption tool, and victims need to pay ransom in cryptocurrency (typically Bitcoin) for it. All the information about the virus ransomware can be found in a ransom note called HOW TO RECOVER ENCRYPTED FILES.TXT which is placed into each of the compromised files' folder.
| Summary | |
| Name | .anonimus.mr@yahoo.com virus |
| Type | Ransomware |
| Related ransomware | Animus ransomware |
| A variant of | Scarab ransomware |
| Cipher used | AES |
| Ransom note | HOW TO RECOVER ENCYPTED FILES.TXT |
| Contact email | anonimus.mr@yahoo.com |
| Decryption | Backups or third-party apps only, no official decryptors created yet |
| Elimination | Use reputable security software like FortectIntego or MalwarebytesMalwarebytes |
AnimusLocker ransomware was quickly deciphered by malware hunters and became ineffective in a short period of time. Thus, researchers believe that due to the inability to fix flaws in its own code, hackers resorted to using more sophisticated one – Scarab. Although files of the several variants of the latter can be recovered using official decryptors, the experts still did manage to crack .anonimus.mr@yahoo.com virus' code yet.
The .Anonimus.mr@yahoo.com virus enters machines in deceptive ways, but devices that are unprotected by security software are especially vulnerable. Therefore, malware researchers[2] recommend having powerful security software installed at all times. We highly recommend either FortectIntego or MalwarebytesMalwarebytes.
.Anonimus.mr@yahoo.com ransomware makes several changes to the infected device:
- Modifies Windows Registry.[3] This allows the virus to be launched with every Windows boot.
- Deletes Shadow Volume Copies. This is the automatic Windows backup system.
- Modifies all personal files by adding .anonimus.mr@yahoo.com file extension.
Several different files can be affected, including .doc, .pdf, .html, .dat, .zip, .jpg, .mp3 and similar. For example, picture.jpg is turned into picture.jpg..anonimus.mr@yahoo.com. Soon after locking the data, the crypto-virus uploads the ransom note on victims' computer that states the following:
YOU FILES WAS ENCRYPTED
YOURS PERSONAL IDENTIFICATOR
XXX [redacted]
[WHAT HAPPENED] Your important files produced on this computer have been encrypted due a security problem. If you want to restore them, write us to the e-mail: anonimus.mr@yahoo.com. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE] Before paying you can send to us up to 3 files for free decryption. Please note that files must NOT contain valuable information and their total size must be less than 1MB.
[ATTENTION] Do not rename encypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. If you not write on e-mail in 2 day – your key has been deleted and you cant decrypt your files.
Hackers offer victims the “free” decryption service to prove that they can decode data. Please do not contact these people and remove .anonimus.mr@yahoo.com virus from your computer instead. Regardless of what they say, you might not get any files back, as they might simply ignore you.
As soon as you perform full .anonimus.mr@yahoo.com removal, you can try to recover your data. Unfortunately, the only safe way to decrypt files is by using backups. If you do not possess one, you can try to use third-party software, although chances of recovery are pretty low.

Do not open spam emails casually – ransomware can be hidden inside
Spam emails have been around as long as the online advertisement was active – since the early 90s. While most of the spam emails that enter your inbox are most likely harmless, several phishing emails can end up there as well. The worst part is that some phishing emails are so well engineered that it is quite hard to recognize whether or not the message is legitimate or fake.
It is true that many genuine emails might end up in the Spam folder. Therefore, you do not have to eliminate all of them straight away. Nevertheless, be sure to pay attention and learn to recognize fake emails. Check for grammar and/or spelling mistakes, questionable formatting, the referral (Dear Customer, Dear User and similar) and especially the “From” address, as is the best giveaway when it comes to phishing emails. If you notice anything suspicious, remove the email without thinking and never open attachments or click on links inside.
Additionally, security researchers recommend avoiding suspicious file-sharing, porn, and similar sites and installing reputable security software. Finally, updating backups regularly is a must.
Eliminate .anonimus.mr@yahoo.com virus and then proceed with file recovery
Like we already mentioned, you should not proceed with file recovery before you remove the .anonimus.mr@yahoo.com virus from your computer entirely. While it is possible to get rid of the malware manually, it is not recommended, as several changes made to the system makes it very difficult.
Therefore, we recommend downloading and installing FortectIntego or MalwarebytesMalwarebytes for a full .anonimus.mr@yahoo.com virus removal. Be aware that malware might block security software. In such case, enter Safe Mode with Networking and start the scan from there.
Only when the .anonimus.mr@yahoo.com elimination is completed, you can proceed with file decryption. Either get them back from a backup or use third-party software. For the latter, check the instructions below.
Was this guide helpful?
Be the first to comment