CyberSecurity news

Rescana@Rescana //
A new and dangerous version of the Anubis ransomware has emerged, now equipped with a data-wiping module that significantly raises the stakes for victims. The Anubis Ransomware-as-a-Service (RaaS) has been active since December 2024 and now presents a dual threat: it not only encrypts files but also permanently deletes them. Even if victims pay the ransom, data recovery is impossible, because the '/WIPEMODE' parameter reduces file contents to 0 KB while preserving the file names and extensions.

The ransomware is deployed via phishing emails with malicious attachments or deceptive links that bypass endpoint defenses. Once inside a network, it uses lateral movement techniques, such as privilege escalation, to gain deeper access. The primary targets are organizations in the healthcare, hospitality, and construction sectors, with affected entities across Australia, Canada, Peru, and the United States. This dual-threat capability represents an evolution from traditional ransomware, putting even more pressure on victims to comply with ransom demands.

Cybersecurity experts are urging organizations to implement robust backup and recovery procedures to mitigate the impact of Anubis attacks. Trend Micro researchers and others describe Anubis as a "rare dual-threat" that encrypts and permanently erases files. Anubis also operates a flexible affiliate program with negotiable revenue splits, offering additional monetization paths like data extortion and access sales. The discovery of this destructive behavior highlights the increasing sophistication of ransomware operations and the importance of proactive cybersecurity measures.
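
A defender-side check for the end state described above (file names and extensions intact, contents at 0 KB), added here as an example and not taken from Rescana, Trend Micro or any other source named on this page: it compares a size manifest recorded at backup time with the current tree. The manifest format, the function names and the 20% alert threshold are assumptions, and the sample files are constructed.

```python
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its size in bytes."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = os.path.getsize(full)
    return manifest

def find_wiped(baseline, current):
    """Paths that had content in the baseline and are 0 bytes now, name unchanged."""
    return sorted(p for p, size in baseline.items()
                  if size > 0 and current.get(p) == 0)

def assess(baseline, current, alert_ratio=0.2):
    """Summarise the change; alert_ratio is an assumed threshold, tune per share."""
    wiped = find_wiped(baseline, current)
    missing = sorted(p for p in baseline if p not in current)
    # Files that were already empty at backup time are excluded from the ratio.
    with_content = sum(1 for s in baseline.values() if s > 0)
    ratio = len(wiped) / with_content if with_content else 0.0
    return {"wiped": wiped, "missing": missing,
            "ratio": ratio, "alert": ratio >= alert_ratio}

def demo():
    """Constructed sample: two of three non-empty files end up at 0 bytes."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"hr/payroll.xlsx": b"x" * 2048, "hr/policy.pdf": b"y" * 512,
                   "ops/plan.docx": b"z" * 1024, "ops/empty.log": b""}
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)   # what the backup job would record
        # Reproduce the described end state for the test: same names, no content.
        for rel in ("hr/payroll.xlsx", "ops/plan.docx"):
            open(os.path.join(root, rel), "wb").close()
        return assess(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Because the baseline sizes come from the backup side, the same manifest also identifies which restore set covers each flagged path.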
Classification:
  • HashTags: #Ransomware #DataWiper #Anubis
  • Company: Trend Micro
  • Target: Healthcare, Hospitality, and Construction Systems
  • Attacker: Anubis
  • Product: Ransomware-as-a-Service
  • Feature: data wiper
  • Malware: Anubis
  • Type: Ransomware
  • Severity: Disaster