This New Ransomware Can Irrevocably Destroy Your Files — Backup Now


As if the threat from high-profile ransomware actors wasn’t critical enough, with the Federal Bureau of Investigation issuing warnings as attacks skyrocket and ransoms follow suit with, on occasion, ridiculously eye-watering payments demanded, a new ransomware-as-a-service platform has just upped the stakes once again. This time, as well as stealing your data and encrypting your files, the Anubis attackers install a custom wiper that can permanently and irrevocably destroy them at the whim of the hackers.


The Anubis Ransomware-As-A-Service Threat

There has been some notable success in disrupting ransomware attackers of late, with devastating strikes by the FBI and Secret Service as well as hackers attacking some of the leading organized ransomware criminal groups. The problem is that as one group is disrupted or disbands, another rises to take their place in the cybercriminal hierarchy. And these groups often bring new and worrying attack tactics with them. Such is the case with the Anubis ransomware-as-a-service platform.

“Anubis is an emerging ransomware-as-a-service group that adds a destructive edge to the typical double-extortion model with its file-wiping feature,” Trend Micro threat researchers Maristel Policarpio, Sarah Pearl Camiling and Sophia Nilette Robles said in a new report that takes a deep technical dive into the workings of the latest ransomware threat.

In an attempt to both set itself apart from other ransomware-as-a-service operations and twist the victim extortion leverage knife even further, Anubis employs a file wiper that, the researchers said, is “designed to sabotage recovery efforts even after encryption.” This wiper uses a /WIPEMODE parameter to permanently delete the file contents and prevent any attempts at recovery.
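Because the wiper is switched on by a command-line parameter, process-creation telemetry is one place to look for it. The following is an added detection sketch, not code from Trend Micro or the article: the log records and their field names are constructed for illustration, and matching any letter case or an optional `=value` / `:value` suffix is an assumption.

```python
import json
import re

# "/WIPEMODE" is the parameter named in the article. Matching any letter case
# and an optional "=value" / ":value" suffix is an assumption of this example.
WIPE_ARG = re.compile(r"/wipemode(?:[=:]\S*)?", re.IGNORECASE)

# Constructed process-creation records; the field names are hypothetical and
# stand in for whatever your EDR or Windows event export provides.
SAMPLE_LOG = r'''
{"host": "ws-014", "user": "alice", "image": "C:\\Windows\\notepad.exe", "command_line": "notepad.exe C:\\docs\\wipemode-notes.txt"}
{"host": "fs-002", "user": "svc-backup", "image": "C:\\Users\\Public\\sample.exe", "command_line": "\"C:\\Users\\Public\\sample.exe\" /WIPEMODE"}
{"host": "fs-003", "user": "bob", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c \"sample.exe /wipemode=1\""}
this line is truncated {"host":
{"host": "ws-020", "user": "carol", "image": "C:\\Windows\\System32\\whoami.exe"}
'''


def find_wipemode_events(log_text):
    """Return (hits, skipped): records whose command line carries the wiper
    parameter as its own argument, and the count of unparseable lines."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            skipped += 1  # keep a count so gaps in telemetry stay visible
            continue
        # Drop quotes before splitting so an argument nested inside
        # cmd.exe /c "..." is still seen as a separate token. Whole-token
        # matching ignores file names that merely contain "wipemode".
        tokens = str(event.get("command_line", "")).replace('"', " ").split()
        matched = [t for t in tokens if WIPE_ARG.fullmatch(t)]
        if matched:
            hits.append({"host": event.get("host"), "user": event.get("user"),
                         "image": event.get("image"), "argument": matched[0]})
    return hits, skipped


if __name__ == "__main__":
    hits, skipped = find_wipemode_events(SAMPLE_LOG)
    for h in hits:
        print(f"ALERT {h['host']} {h['user']} {h['image']} {h['argument']}")
    print(f"{len(hits)} hit(s), {skipped} unparseable line(s)")
```

A hit here means the wiper has already been launched, so treat this as a trigger for isolating the host and checking backup integrity rather than as prevention.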


Mitigating The Anubis Ransomware Threat

We know that the Anubis attackers employ a number of methods to deploy the ransomware and execute its feature set, including phishing, command line execution and privilege escalation, not to mention the file-wiping capabilities already discussed. Mitigation strategies, therefore, are relatively straightforward.

Let’s start with the big one, to mitigate the file-wiper impact. Back up, and back up now. Ensuring that you have current offline and even off-site backups is your best defense against the Anubis eraser ransomware.

The remainder are nothing new either, as Trend Micro points out:

  • Avoid downloading attachments, clicking on links, or installing applications unless the source is verified and trusted.
  • Implement web filtering to restrict access to known malicious websites.
  • Limit administrative rights and access privileges to employees only when necessary.
  • Regularly review and adjust permissions to minimize the risk of unauthorized access.
  • Ensure that all security software is updated regularly and conduct periodic scans to identify vulnerabilities.

Do all of this and, suddenly, the Anubis ransomware threat becomes a lot less scary. Which isn’t the same as saying it can be dismissed, as that would be a very poor and dangerous business decision indeed.
