- Security researchers say the Anubis ransomware has added a file wiper
- The wiper truncates every file to 0 KB, destroying its contents irreversibly
- This gives the operators an additional pressure point during negotiations
Anubis, a relatively new Ransomware-as-a-Service (RaaS) operation, has added a feature to its encryptor that irreversibly destroys the encrypted files on a compromised system.
Trend Micro researchers have published an in-depth report on the operation, revealing that the group is actively adding new features to the encryptor, among them the ability to wipe files.
"What distinguishes Anubis from other RaaS and lends an advantage to its operations is its use of a file wiping function, designed to sabotage recovery efforts even after encryption," said Trend Micro. "This destructive trend adds pressure on the victims and increases the challenges of an already damaging attack."
Pressuring the victims
When the threat actors activate the feature, the wiper erases the contents of the files and reduces their size to 0 KB. File names and the directory structure remain intact, but because the contents have been truncated there is nothing left to decrypt: the files cannot be recovered from the compromised system, even with a valid decryption key.
The best protection is, of course, to harden the environment and minimize the chances of a ransomware infection in the first place. Out of an abundance of caution, organizations should also keep a separate, preferably offline or air-gapped, backup from which files can be restored safely.
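The behaviour described above, intact names and directory tree but every file truncated to zero bytes, leaves a simple artefact a responder can hunt for: a burst of 0-byte regular files whose modification times sit within seconds of each other. The following is an added example of that detection logic, not code from Trend Micro's report or from the Anubis tooling. It walks a directory tree, collects zero-byte files, groups them into time-adjacent clusters and reports clusters above a threshold; `build_demo_tree()` constructs a throwaway sample tree (three normal documents, one legitimate lone lock file and eight files truncated within the same minute) so the script runs offline. The `min_files` and `window_seconds` thresholds are assumptions chosen for the demo, not values from the page.

```python
"""Hunt for mass zero-byte truncation (wiper-style) in a directory tree.

Added example for illustration; not the Anubis encryptor, not Trend Micro's
detection content.  The thresholds and the sample tree are assumptions.
"""
import os
import stat
import tempfile
import time


def scan_zero_byte_files(root):
    """Return (path, mtime) for every regular file of size 0 under root.

    lstat is used so symlinks are not followed; errors (races, permissions)
    are skipped rather than aborting the scan.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_size == 0:
                hits.append((path, st.st_mtime))
    return hits


def cluster_by_time(hits, window_seconds=300):
    """Group zero-byte files whose mtimes fall within window_seconds of the
    first file in the group.  Legitimate empty files (lock files, placeholders)
    tend to be isolated; a wiper produces a burst with near-identical mtimes."""
    ordered = sorted(hits, key=lambda h: h[1])
    clusters, current = [], []
    for path, mtime in ordered:
        if current and mtime - current[0][1] > window_seconds:
            clusters.append(current)
            current = []
        current.append((path, mtime))
    if current:
        clusters.append(current)
    return clusters


def suspicious_clusters(root, min_files=5, window_seconds=300):
    """Clusters of at least min_files zero-byte files truncated within one window.
    Assumed thresholds: tune per environment (build trees, caches, spool dirs)."""
    clusters = cluster_by_time(scan_zero_byte_files(root), window_seconds)
    return [c for c in clusters if len(c) >= min_files]


def build_demo_tree():
    """Constructed sample tree (not real victim data):
    - docs/report0..2.docx : normal files with content
    - app.lock             : a lone, month-old legitimate empty file
    - docs/invoice0..7.xlsx: eight files truncated to 0 bytes in one minute
    """
    root = tempfile.mkdtemp(prefix="wiper_demo_")
    now = time.time()
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for i in range(3):
        with open(os.path.join(docs, f"report{i}.docx"), "wb") as f:
            f.write(b"PK\x03\x04 constructed document content")
    lock = os.path.join(root, "app.lock")
    open(lock, "wb").close()
    month_ago = now - 30 * 86400
    os.utime(lock, (month_ago, month_ago))
    for i in range(8):
        victim = os.path.join(docs, f"invoice{i}.xlsx")
        open(victim, "wb").close()          # truncated: name kept, 0 bytes
        os.utime(victim, (now - 60 + i, now - 60 + i))
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for cluster in suspicious_clusters(demo_root):
        first = time.strftime("%H:%M:%S", time.localtime(cluster[0][1]))
        print(f"{len(cluster)} files truncated to 0 bytes starting {first}:")
        for path, _ in cluster:
            print("   ", os.path.relpath(path, demo_root))
```

On a real host the scan would be pointed at user and file-server shares rather than a temp directory, and the hit list is only a lead: zero-byte files with their original names and an original-looking tree are exactly what a post-encryption wipe leaves behind, which is why they should trigger a restore-from-offline-backup plan rather than a search for a decryptor.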
Ransomware actors usually first exfiltrate sensitive files from the target's infrastructure and then encrypt the systems.
They then demand money, generally in Bitcoin, in exchange for the decryption key that gives the victims back access to their locked files. Because many organizations refuse to pay and instead restore from an up-to-date backup, the attackers have added the theft of files and the threat to publish them as a second lever.
In many cases the release of sensitive files is more disruptive than the encryption itself: it can trigger lawsuits, data-protection fines, a loss of trust among customers and partners, and the loss of competitive advantage once intellectual property leaks.
Beyond the wiper, which is a serious threat in its own right, ransomware actors also sometimes launch DDoS attacks against the victim's public-facing and internal systems to add pressure. In some cases they even call the victims by phone to push them into paying the ransom.
Via BleepingComputer