Annabelle Ransomware

New Annabelle Ransomware discovered

Target: Potentially high-profile companies, as the threat actor primarily wants to advertise their skills

Attack Vector: Ransomware tool which first disables processes that may interfere with its actions


During March 2018 a new type of ransomware was observed. Discovered by security researcher @bartblaze, the tool is based on the horror movie Annabelle and seems to be designed to show off the skill and capability of the threat actor behind it rather than to be used maliciously. The ransomware has extensive capabilities which combine many different features usually observed individually in separate ransomware tools.

In addition, Annabelle appears to carry out several pre-operations that make it easier to achieve its goals, a tactic that is being observed more often in ransomware tools.

Risk assessment summary:

The threat is assessed as 4d LOW. There are clear risks such as theft of sensitive information or inaccessibility of important files. The malware has not yet been observed in any mass distribution campaigns, and its infrequent use lowers this possibility.

Additionally, the ransomware can be decrypted by a user following the correct process, which suggests there may not be any long-term damage. However, the fact that it can disable interfering programs and configure a target system to make a ransomware attack easier does mean Annabelle remains a plausible threat.