annablle ransomware decrypt tools

 Annabelle RANSOMWARE DECRYPTION TOOL
Introduction: This tool decrypts files encrypted by Annabelle ransomware. You can
recognize this ransomware by the extension it appends to the encrypted files:
(.ANNABELLE).:
clean.hivu. ANNABELLE  tools decryption
Ransom-note:


Annabelle encrypts user files using AES256 CBC with a hardcoded key and IV.

Example of encrypted files:
NOTE 1: the malware locks the screen of the pc in the first phase and changes the
MBR in the second phase. In order to be able to use the tool, the user should do the
following :
- recover the MBR(replacement / change if possible via various tools)
- delete the registry keys and the malware remainans offline / rescue-CD
- use BDAnnabelleDecryptor tool to decrypt the files
NOTE 2: due to the encryption using AES, the size of the result message will be a
multiple of 16 bytes. Therefore, upon decryption, there is a chance that a few bytes
will remain at the end of the file (max 15). This should not affect the file and they
cannot be removed during decryption since there is no mark of the original file size.
Steps for decryption:
Step 1: Download the decryption tool from
tools and save it
somewhere on your computer
Step 2: Double-click the file (previously saved as BDAnnabelleDecryptor.exe) and allow it to
run by clicking Yes in the UAC prompt