What is ANUBIZ LOCKER Ransomware
Being part of the Babuk family, ANUBIZ LOCKER is a ransomware infection designed to encrypt data. It does so by using secure encryption algorithms and modifying the names of affected data with the .lomer extension. To illustrate, a file called 1.pdf
will change to 1.pdf.lomer
and reset its original icon to blank. After successfully restricting access to data, the virus then blackmails victims into paying a ransom. This is made through the How To Restore Your Files.txt text file which is created on compromised devices.
----------- [ Hello! ] --------------
******BY ANUBIZ LOCKER******
What happend?
----------------------------------------------
Your computers and servers are encrypted, backups are deleted from your network and copied. We use strong encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us - a universal decoder. This program will restore your entire network.
Follow our instructions below and you will recover all your data.
If you continue to ignore this for a long time, we will start reporting the hack to mainstream media and posting your data to the dark web.
What guarantees?
----------------------------------------------
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one file for free. Go to the site and contact us.
How to contact us?
----------------------------------------------
Using EMAIL:
1) Open your mail
2) Write us: anubiz@tuta.io
!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!
The file says all valuable files have been encrypted and copied to servers of cybercriminals, all backups were deleted as well. Victims can potentially restore their data by purchasing special decryption software offered by the attackers. It is guided to establish contact with cybercriminals using their e-mail address to get further details on the decryption. Infected users are also allowed to attach one file in their message and get it decrypted for free. Should victims ignore these requests and linger with paying the ransom, cybercriminals threaten to start leaking collected files to dark web resources. Unfortunately, decrypting files without cybercriminals is quite an unreachable task. The ciphers are hard to break unless you have a special private key generated by swindlers during encryption. The price for decryption is unknown until victims get in touch with cybercriminals. In general, paying the ransom is not recommended, but this might be the only viable solution to recover your data and prevent it from ending up leaked. If you want to recover it back without the help of cybercriminals, it is possible to do it using backup copies. Read our guide below to learn all the existing recovery methods and how to delete ANUBIZ LOCKER Ransomware from your computer. Note that removing the virus will not return your data, but prevent it from running its future activity.
How ANUBIZ LOCKER Ransomware infected your computer
Ransomware is often distributed via phishing techniques. Such techniques try to convince users they download or install something important. For example, it is common to see swindlers spread malware using malicious attachments inside of spam letters. These letters are most often sent to e-mail addresses in a targeted country. Potential victims may be asked to download some “important” or “urgent” attachments which, in reality, contain a virus. Many crooks use popular macros-based files like Word, Excel, PDF, JavaScript, and other technically viable formats to hardwire the installation of malware. Ransomware infections may also be spread via dubious download channels (e.g. Peer-to-Peer networks, unofficial file-sharing websites, etc.). Users may also be redirected to suspicious pages claiming to download something disguised as official Adobe Flash Player updates, Antivirus installers, and so forth. Do not trust them and download content only from official or time-tested resources. For more information on securing yourself against such threats in the future, follow our tutorial below.
- Download ANUBIZ LOCKER Ransomware Removal Tool
- Get decryption tool for .lomer files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like ANUBIZ LOCKER Ransomware
Download Removal Tool
To remove ANUBIZ LOCKER Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of ANUBIZ LOCKER Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
Alternative Removal Tool
To remove ANUBIZ LOCKER Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of ANUBIZ LOCKER Ransomware and prevents future infections by similar viruses.
ANUBIZ LOCKER Ransomware files:
How To Restore Your Files.txt
{randomname}.exe
ANUBIZ LOCKER Ransomware registry keys:
no information
How to decrypt and restore .lomer files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .lomer files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .lomer files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with ANUBIZ LOCKER Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .lomer files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like ANUBIZ LOCKER Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. ANUBIZ LOCKER Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.