BoraMurdar

Community Manager
Verified
Staff member
The Annabelle ransomware was first observed in the wild at the end of February 2018. It is based on the namesake horror movie franchise and for good reason. Once it reaches a computer, Annabelle tries to forcefully terminate processes associated with security programs, including Windows Defender and turns the Windows firewall off. Furthermore, it blocks certain programs from being launched, replicates itself on connected USB drives to spread faster and encrypts files on the local hard disk. As a finishing touch, it might override the MBR (master boot record), planting a custom bootloader. With this picture in mind, you can see that, once Annabelle reaches your PC, you might be experiencing a living nightmare.

Mandatory steps to take before file decryption
If you find files on your PC that have the .ANNABELLE extension, then it is clear that the entire system is infected. Bitdefender Annabelle Decryptor offers you a chance to recover data from your encrypted files, reversing the AES256 CBC encryption. However, there is a catch. To be able to use the tool, you must first recover the MBR using dedicated tools, and then you must delete the registry keys and other remnants of the Annabelle malware.

Scans a specific location or the entire folders for encrypted files
When running the Bitdefender Annabelle Decryptor, you will be prompted to read the end user license agreement and agree to its terms. Once you do so, the main window of the application is displayed.

Bitdefender Annabelle Decryptor can scan a specific path for files that are encrypted. However, if the encrypted data is spread across multiple directories, you can configure it to analyze the entire system. It is recommended that you check the backup option as well, just to be on the safe side of things. With this option enabled, Bitdefender Annabelle Decryptor creates a copy of the encrypted files before proceeding.

A post-infection solution to recover data compromised by ransomware
Bitdefender Annabelle Decryptor is worth trying if you care to recover files that the ransomware locked. Please keep in mind that this application is a decryption tool and not a malware remover. In other words, you will not be able to use it to remove the Annabelle ransomware from your PC, but only to recover data in encrypted files.
http://download.bitdefender.com/am/malware_removal/BDAnnabelleDecryptTool.exe