Anubis Ransomware Wreaks Havoc

Anubis Ransomware Causes Chaos with Wiping

Anubis ransomware has been disrupting systems by encrypting and wiping files since December 2024. It targets the healthcare, hospitality, and construction sectors globally. Its wiping capability renders recovery impossible even after payment. This dual threat raises serious data security concerns.

How the Attack Unfolds

Attackers use phishing emails to gain initial access. They then escalate privileges and delete volume shadow copies. Anubis encrypts files and activates a wipe mode. In wipe mode, file sizes drop to 0 KB, which pressures victims to pay.

Unique Wipe Mode Feature

The wipe mode permanently erases file contents with the /WIPEMODE parameter. This feature sets Anubis apart from typical ransomware. For instance, it leaves filenames intact but destroys data. As a result, recovery attempts fail completely.
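
One way to spot the wipe pattern described above (filenames intact, sizes at 0 KB) is to compare two file inventories taken at different times and alert on directories where many files kept their names but lost their contents. This is an added example, not code from the original page or from any vendor; the paths, sizes and thresholds are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample inventories: path -> size in bytes.
BEFORE = {
    r"C:\Shares\finance\q1.xlsx": 48211,
    r"C:\Shares\finance\q2.xlsx": 51980,
    r"C:\Shares\finance\payroll.csv": 9120,
    r"C:\Shares\finance\notes.txt": 0,      # already empty, must not count
    r"C:\Shares\finance\old.bak": 700,      # deleted later, not a wipe
    r"C:\Logs\app.log": 20480,              # truncated by normal rotation
    r"C:\Logs\audit.log": 10240,
}
AFTER = {
    r"C:\Shares\finance\q1.xlsx": 0,
    r"C:\Shares\finance\q2.xlsx": 0,
    r"C:\Shares\finance\payroll.csv": 0,
    r"C:\Shares\finance\notes.txt": 0,
    r"C:\Logs\app.log": 0,
    r"C:\Logs\audit.log": 11264,
}

def parent(path):
    """Directory of a Windows path, parsed the same way on any OS."""
    return str(PureWindowsPath(path).parent)

def find_wiped(before, after):
    """Paths present in both inventories whose size went from >0 to 0."""
    return sorted(p for p, size in before.items()
                  if size > 0 and after.get(p) == 0)

def wipe_alerts(before, after, min_files=3, min_ratio=0.5):
    """Alert per directory when enough previously non-empty files are now 0 bytes."""
    populated = defaultdict(int)   # non-empty files per directory in `before`
    for p, size in before.items():
        if size > 0:
            populated[parent(p)] += 1
    zeroed = defaultdict(int)      # same-name files now at 0 bytes
    for p in find_wiped(before, after):
        zeroed[parent(p)] += 1
    alerts = {}
    for d, n in zeroed.items():
        ratio = n / populated[d]
        if n >= min_files and ratio >= min_ratio:
            alerts[d] = {"zeroed": n, "ratio": round(ratio, 2)}
    return alerts

if __name__ == "__main__":
    print(wipe_alerts(BEFORE, AFTER))
```

Requiring both a minimum count and a minimum ratio keeps a single rotated log from raising an alert while a directory that is mostly zeroed still does.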

Affiliate Program and Spread

Anubis runs a flexible RaaS program with negotiable splits. Affiliates earn 80% of ransoms or 60% from data extortion. A report notes it evolved from a trial version called Sphinx. Its reach is expanding across multiple regions.

Impact on Victims

Victims in Australia, Canada, Peru, and the U.S. face data loss. The ransomware hits critical industries hard. Moreover, its destructive nature increases financial and operational damage. This highlights its growing threat level.

Broader Cybercrime Trends

Other groups like FIN7 use fake software to spread NetSupport RAT. They employ bogus browser updates and 7-Zip sites. For example, PowerNet and MaskBat loaders deliver malware. As a result, evolving tactics challenge cybersecurity defenses.

Challenges for Recovery

The combination of encryption and wiping complicates backups. Traditional recovery methods become useless. Additionally, pressure tactics force quick decisions. This underscores the need for proactive security measures.

Preventing Anubis Ransomware Attacks

To stop Anubis, avoid opening suspicious email attachments. For example, verify sender details before clicking. Use updated antivirus software to block threats and back up data regularly. Additionally, train staff on phishing awareness. These steps help protect against data loss and extortion.
