A new ransomware variant called Annabelle has been discovered, which seems to have been designed to ‘show off the skills’ of the developer who created it, by being as difficult to deal with as possible. The ransomware terminates numerous security programs, disables Windows Defender, turning off the firewall, encrypting your files, trying to spread through USB drives, making it so you can’t run a variety of programs, and overwriting the master boot record of the infected computer with a boot loader. Andy Norton, Director of Threat Intelligence at Lastline commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“The more malicious things a piece of code does, the more alarm bells start ringing when scrutinised with behavioural analysis. Annabelle, by design would simply not pose a threat to any organisation using behavioural analysis, because it exhibits too many bad functions. It sets off too many alarms. Qkg, was interesting from a research perspective, because many machine learned behavioural algorithms were trained on Ransomware encrypting many thousands of existing files and deleting shadow copy. Qkg did neither, instead it went after newly created files.”