How to remove Anatova ransomware from Windows 10 PCs

Windows 10 ยป Update & Security

Reading time icon 4 min. read

Calendar icon Updated on

by Vlad Constantinescu 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Anatova ransomware is a dangerous type of cyber-attack that targets local files on your PC, but also shared resources on your network.
  • Although ransomware is often difficult to get rid of, Anatova can be easily removed if you follow a few easy steps.
  • Check our Ransomware section to discover more about this type of cyber-attack.
  • Visit our Update & Security Hub to learn more about keeping your PC safe and secure.
Block Anatova ransomware

Nowadays, cyber-attacks are becoming more and more common and there’s no sign of stopping them any time soon. Not without a proper strategy, that is.

Anatova ransomware, for instance, is a popular (in the infamous kind of way) attack that affected several machines in 2019.

This ransomware was first discovered on a private peer to peer network by  McAfee’s security researchers.

The researchers studied the prepared modular extension of the ransomware and warned its users about its potential to become a serious threat.

Now here’s why it’s hazardous for any device it reaches: Anatova compels PC users to infect their machines by replicating the icon of an application or a game.

Once your device is infected, two things happen: your local files will get encrypted and all the files on network shares will share the same fate.

In the worst-case scenario, where the attacker wins, the victims have to pay a ransom of 10 Dash coins (valued at roughly $700) to get their files decrypted. 

How to get rid of Anatova ransomware?

Enable Safe mode with Networking

It’s possible to stop Anatova ransomware dead in its tracks by using Windows’ Safe mode.

Follow the steps explained below to access Safe Mode and get rid of this piece of malware:

  1. Open the Start Menu
  2. Click the Power button
  3. Hold Shift on your keyboard and select Restart
  4. Go to Troubleshoot
  5. Select Advanced options
  6. Click the Startup Settings button
  7. Press RestartComputer Stuck On Ctrl Alt Delete Screen
  8. Enable the Safe Mode with Command Prompt mode in Startup Settings

Restore system files and settings

  1. Launch a CMD instance with Administrator rights
  2. Type cd restore and hit the Enter button
  3. In the same CMD window type rstrui.exe and hit the Enter button
  4. Locate the newly-opened System Restore window
  5. Click the Next button
  6. Select the restore point that was created before the Aanatova attack
  7. Click the Next button
  8. Hit the Yes button to initiate the restoration process

How can I prevent Anatova ransomware?

Now that you got rid of the Anatova ransomware, you’ll need to make sure it won’t come back.

As usual, prevention is better than cure. Therefore, it’s wise to follow a few safety measures whenever you use your PC, especially while online.

  • Always use official, confirmed sources whenever you download games, apps, or any other document
  • Avoid shady websites, especially ones that are full of ads and pop-ups, or those that ask for notification permissions
  • Don’t open emails that look particularly suspicious
  • Avoid clicking attachments in email messages, especially if your email client flagged them as spam and blocked their content
  • Use trustworthy antivirus, antimalware, and firewall solutions on your PC
  • Don’t ignore any security warning you may see while navigating to a suspicious website

Ransomware is usually dangerous because it can lock you out of important documents on your computer.

With that in mind, it’s easy to see why making backup copies of everything important on your machine can be a good way to fight Anatova ransomware.

Even in the worst-case scenario where your files get locked beyond recovery you won’t have to pay a dime to the attacker, knowing well that you have backup copies.

It goes without saying that the backup copies should never ever reside on the same machine or in the same location as the original files.

Otherwise, you’ll face the risk of losing them to ransomware, as well.

Just use a memory stick or an external HDD and disconnect it once the backup is complete.

Conclusion

All things considered, if you’ve been affected by Anatova ransomware, you can easily get rid of it, granted that you have enabled the system restore option on your PC.

If you manage to get rid of Anatova ransomware, don’t forget to backup your files and take all necessary steps to prevent it (or any other similar malware) from ever returning to your PC.

More about the topics: Cybersecurity, Ransomware

Vlad Constantinescu

Vlad Constantinescu Shield

Vlad might have a degree in Animal Husbandry and Livestock Management, but he's currently rocking anything software related, ranging from testing programs to writing in-depth reviews about them. He spent 3-4 years as a software editor at Softpedia and another year as a VPN specialist before he landed his current job as an author at Windows Report. In his free time, Vlad enjoys playing guitar, doing jigsaw puzzles, researching cybersecurity, and even having a good read on rainy days.