Threat Intelligence Report

EclecticIQ Fusion Center Report: Annabelle Ransomware (Update) (English)

Security researchers have identified a new ransomware, named after the horror movie "Annabelle", which showcases a number of traditional ransomware features. This report details the observations made by EclecticIQ Fusion Center analysts.

Report from EclecticIQ Fusion Center from Thursday 1 March 2018.

Key Findings:

  • The Annabelle ransomware affects a user's computer by terminating various security and internet browsing programs, disabling Windows Defender and encrypting files. It then attempts to distribute itself using autorun.inf files, which is inefficient on systems running newer versions of Windows
  • The encrypted file name includes a .ANNABELLE extension
  • It is based on the Stupid ransomware and is decrypted using an updated version of the StupidDecryptor key
  • The threat actor has been associated with previous malicious activity including DDoS activity and the Jigsaw ransomware

About EclecticIQ

EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.

EclecticIQ Fusion Center

EclecticIQ Fusion Center delivers thematic intelligence bundles providing a single curated source of relevant CTI from leading suppliers all in a single contract.