
Unlike typical ransomware, Anubis uses a rare wiper feature that leaves files empty, making it a growing concern for cybersecurity teams.
A new ransomware threat known as Anubis is making waves in the cybersecurity world, combining file encryption with aggressive monetisation tactics and a rare file-wiping feature that prevents data recovery.
Victims discover their files renamed with the .anubis extension and are presented with a ransom note warning that stolen data will be leaked unless payment is made.
What sets Anubis apart is its ability to permanently erase file contents using a command that overwrites them with zero-byte shells. Although the filenames remain, the data inside is lost forever, rendering recovery impossible.
Researchers have flagged the destructive feature as highly unusual for ransomware; such wiping is typically seen in cyberespionage rather than in financially motivated attacks.
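A triage sketch for the wiper behaviour described above, added here as an example and not taken from the researchers' tooling: it compares a pre-incident file manifest (path and size, such as a backup catalogue would hold) with the current tree and separates wiped files from renamed ones. The manifest format, function names and sample files are assumptions, as is the extension being appended to the original filename.

```python
import os
import tempfile

ENCRYPTED_EXT = ".anubis"  # extension reported in the article

def triage(root, baseline):
    """Classify each baseline file under `root`.

    baseline: {relative path: size in bytes before the incident}
    (hypothetical manifest format, e.g. exported from a backup catalogue).
    """
    current = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            current[os.path.relpath(full, root)] = os.path.getsize(full)

    report = {"wiped": [], "encrypted": [], "missing": [], "intact": []}
    for rel, old_size in sorted(baseline.items()):
        renamed = rel + ENCRYPTED_EXT  # assumption: extension is appended
        found = rel if rel in current else renamed if renamed in current else None
        if found is None:
            report["missing"].append(rel)
        elif current[found] == 0 and old_size > 0:
            # Name survives but content is gone: restore from backup only.
            report["wiped"].append(rel)
        elif found == renamed:
            report["encrypted"].append(rel)
        else:
            # Present under its original name and not emptied
            # (files that were already empty before the incident land here).
            report["intact"].append(rel)
    return report

def demo():
    """Run triage over a constructed sample tree (not real incident data)."""
    baseline = {"report.docx": 2048, "db.sqlite": 4096, "notes.txt": 120,
                "old.log": 300, "empty.flag": 0}
    on_disk = {"report.docx": b"", "db.sqlite.anubis": b"\x8f" * 4096,
               "notes.txt": b"x" * 120, "empty.flag": b""}
    with tempfile.TemporaryDirectory() as root:
        for name, data in on_disk.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root, baseline)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status}: {paths}")
```

Files in the `wiped` list are the ones that can only come back from backups, so they are the ones to prioritise when checking restore coverage.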
The malware also attempts to change the victim’s desktop wallpaper to reinforce the impact, although in current samples, the image file was missing. Anubis spreads through phishing emails and uses tactics like command-line scripting and stolen tokens to escalate privileges and evade defences.
It operates under a ransomware-as-a-service model, meaning less-skilled cybercriminals can rent and use it easily.
Security experts urge organisations to treat Anubis as more than a typical ransomware threat. Besides strong backup practices, firms are advised to improve email security, limit user privileges, and train staff to spot phishing attempts.
As attackers look to profit from stolen access and unrecoverable destruction, prevention becomes the only true line of defence.