Annabelle Ransomware disables Windows Defender


A new kind of ransomware named ‘Annabelle’ has turned into a nightmare for online users these days. And security experts suggest that the said ransomware has the potential to disable Windows Defender and turn off the firewall, encrypt files and shut down any computer security programs which are currently prevailing in the security market.

Bleeping Computer, a tech resource was the first online resource to report this fact. It said that Annabelle ransomware has the potential to spread to USB drives and has the ability to overwrite computer master boot record with a bootloader.

A researcher named Bart from Malware Hunter team was the first individual to spot the malware. He discovered that Annabelle can start on an automated note when a user logs into Windows and then shuts down the program. After that, it configures entries in the Image File Execution registry so that users cannot launch programs on their computer from then on. Bart sighted that the malware then starts spreading through autoru.inf files. Although Windows 10 doesn’t support these operations, security experts say that it still makes Windows 10 OS vulnerable to Annabelle ransomware attack.

Though Microsoft is trying to defend its security software on this note, some Reddit users have reported that the malware is seen disabling the latest version of Windows 10 software.

Kaspersky mentioned in its 2017 Ransomware security report that for every 10 seconds a consumer gets hit with ransomware. And for every 40 seconds, a company gets hit with ransomware.

Thus, Ransomware damage in 2017 has been estimated to be $5 billion by Russian security firm Kaspersky, up from $325 million in 2015.

So, for companies which have ignored threat detection software installation so far, better fasten up your seat belts before it’s too late.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display