Annabelle Ransomware Removal Guide

Do you know what Annabelle Ransomware is?

Annabelle Ransomware is an incredibly dangerous threat that can encrypt your files and your entire operating system by corrupting Master Boot Record (MBR) files. If this threat invades your operating system, you lose control over it, and that, needless to say, can be very scary. Are your personal files stored on an external drive or online? If they are, you do not need to worry about the fate of files; however, you need to worry about your operating system and its protection in the future. Also, you need to delete Annabelle Ransomware, and the sooner you do it, the better. Our research team has analyzed the threat, and it was found that it operates similarly to MBRlock Ransomware, Petya Ransomware, GoldenEye Ransomware, and several other well-known infections. More findings are represented in this report.

It is hard to say how exactly Annabelle Ransomware slithered into your operating system. Maybe it was downloaded by a silent Trojan or planted by attackers who have gained remote access to your system. Maybe you downloaded it without realizing it along with other malicious infections. Maybe you let it in by opening a malicious attachment represented via a misleading spam email. As you can see, there are tons of ways in which this malicious threat could invade your operating system. Unfortunately, when it does, you do not have much time to figure out what is going on, or that you need to remove the threat ASAP. It immediately encrypts files (including MBR), and then it quickly restarts the computer. When it loads up, you are introduced to a ransom note with the image of a well-known horror movie character, Annabelle, which is where the name of the threat comes from. Because the infection disables explorer.exe and kills Task Manager, you cannot get past the ransom note. This is most likely to be point where you recognize the activity of a malicious threat that must be deleted. The bad news is that you cannot restore access to the system or get your files decrypted by removing Annabelle Ransomware.

Are you willing to pay the ransom of 0.1 BTC to get a key that would initiate decryption? 0.1 Bitcoin, at the time of writing, converts to 1069 USD, which is a lot of money. Of course, if you have that to spare, you might be willing to download the Tor Browser, visit a site set up by cyber criminals, and follow the ransom payment instructions. The unfortunate thing is that your files are unlikely to be decrypted when you pay the ransom. If you restart the computer, the ransom demands will disappear, but you will be greeted with a different message: “Miss me ? ANNABELLE. iCoreX#1337Annabelle Ransomware Removal GuideAnnabelle Ransomware screenshot
Scroll down for full removal instructions

What happens after you repair the Windows MBR? You still need to remove Annabelle Ransomware, and if you are not sure where the malicious launcher of this infection is, it is unlikely that you will be able to handle the task on your own. All in all, it is high time you installed reliable anti-malware software to enable full-time protection, and if you install it, you will have Annabelle Ransomware deleted automatically. So, if you want your operating system cleaned and protected simultaneously, installing anti-malware software is the way to go. If you have questions about it, you can use the comments section below to contact us.

Delete Annabelle Ransomware

Windows 10/Windows 8.1/Windows 8

  1. Use the Windows Recovery CD and then restart the computer.
  2. Select Boot Windows with CD-ROM Drive.
  3. Select the right parameters, click Next, and then click Repair your computer.
  4. Move to the Troubleshoot menu and click Command Prompt.
  5. Enter these commands into the window:
    • bootrec /fixmbr
    • bootrec /fixboot
    • bootrec /scanos
    • bootrec /rebuildbcd
  6. Once the repair is complete, eject the CD, and enter exit into the Command Prompt.
  7. Restart the computer and Remove Annabelle Ransomware.

Windows 7/Windows Vista

  1. Use the Windows Recovery CD and then restart the computer.
  2. Select Boot Windows with CD-ROM Drive.
  3. Select the right parameters, click Next, and then click Repair your computer.
  4. Move to the System Recovery Options menu, select your operating system, and click Next.
  5. Select Command Prompt and enter these commands into the window:
    • bootrec /fixmbr
    • bootrec /fixboot
    • bootrec /rebuildbcd
  6. Once the repair is complete, eject the CD, and enter exit into the Command Prompt.
  7. Restart the computer and Remove Annabelle Ransomware.

Windows XP

  1. Use the Windows Recovery CD and then restart the computer.
  2. Select Boot Windows with CD-ROM Drive.
  3. When the Welcome to Setup menu appears, tap R.
  4. In the Recovery Console menu enter 1 to choose which Windows you log onto.
  5. Enter the Administrator password to access the system.
  6. Enter fixmbr to repair the MBR.
  7. Once the repair is complete, eject the CD, and enter exit into the Command Prompt.
  8. Restart the computer and Remove Annabelle Ransomware.

In non-techie terms:

If you have faced the malicious Annabelle Ransomware, your personal files are corrupted, and, most likely, the MBR is corrupted as well, which means that you cannot fully control your operating system, and that, needless to say, can create issues with the removal of the threat. Without a doubt, you want to remove Annabelle Ransomware as soon as possible, but, first, you need to repair the MBR. After you do that, you need to find the malicious .exe file that launched the ransomware. If you cannot eliminate the infection yourself, installing a legitimate anti-malware program is recommended. After all, you also need protection against malware in the future, and so employing such a program is highly recommended.