A dangerous virus created for Portuguese-speaking countries has been detected by malware research experts to use the .lok file extension and a strong cipher to encrypt files. The files which are encrypted by the Anatel virus can no longer be accessed by the user, and the ransomware drops a LEIA.txt readme file which notifies the user that he must contact the cyber-criminals’ e-mail address for most likely making a ransom payoff. The name Anatel comes from the Brazilian Agency for Telecommunications. Users who have become victims of the Anatel crypto-virus are given recommendations by experts to remove this threat immediately and instead of paying the ransom to seek alternative methods for file reverting. We suggest you to red this article to learn more about how to remove Anatel Ransomware and attempt alternative methods to revert your files.
|Short Description||The malware encrypts users’ files and drops a ransom note afterwards.|
|Symptoms||The user may witness ransom messages and “instructions” and the files encrypted with an added .lok file extension.|
|Distribution Method||Via an Exploit kit.|
|Detection Tool|| See If Your System Has Been Affected by Anatel Ransomware |
Malware Removal Tool
|User Experience||Join our forum to Discuss Anatel Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Anatel Ransowmare – How Does It Infect
Anatel Ransomware Viewed In Depth
When the user opens malicious files by Anatel Ransomware, it immediately drops the payload files. Here are some of the folders in which malicious files by Anatel Ransomware may exist:
- %User’s Profile%
After its malicious files have been dropped, the Anatel Ransomware virus may either run immediately or perform the safer action – modify registry keys to run when you start Windows. If it does so, you may find suspicious String Values associated with Anatel in the following Windows Registry Key:
After the encryption process by Anatel Ransowmare is initiated, it is reported by Symantec(Symantec.com) researchers that it looks for widely used types of files to encode them:
After it has encrypted the files, Anatel Ransowmare may also connect to several malicious hosts associated with the following domain to send generated decryption keys and other system information:
Researchers report that the host name, the user’s profile name along with the keys is sent out to cyber-criminals. After this has been done, Anatel ransomware drops its LEIA.txt file which translates to the word “Read” in the following location:
The file contains a brief message written In Portoguese:
The encrypted files by this ransomware are appended the .lok file extension and they may look like the following:
So far it is quite unclear as to why the ransom note ends with “We are anonymous” and why Anatel’s name is involved but theorists believe that the money generated from this attack may be used in a hacktivist attack.
Anatel Ransomware – Removal and File Restoration Alternatives
To remove Anatel Ransomware, we strongly suggest using the instructions which we have provided after this article. In case you are experiencing difficulties in manually getting rid of this virus, we suggest using an advanced anti-malware program to get automatically rid of this virus.
To restore your files, we suggest the solutions which we have provided below in step “3. Restore files encrypted by Anatel”. They are not 100 percent guarantee you will get your files back; however they are worth a try. Also, we suggest using file decryptors since this Ransomware may have a so-called CBC mode which may break the files if a decryptor other than the original is used.
Picture Icons by Freepik – Freepik.com