A cybercrime group known as Anubis has recently added a dangerous new ability to its ransomware. This latest update allows the malware not only to lock files but also to completely destroy them, making it impossible for victims to recover their data, even if they pay the ransom.
Anubis operates as a ransomware service that other hackers can rent and use in their own attacks. It is important to note that this Anubis is different from the Android malware that shares the same name. This version first appeared in December 2024 and has grown more active in early 2025.
In February, the people behind Anubis introduced a partnership program to attract other cybercriminals. Security experts reported that Anubis offered large profit shares to its partners. Hackers who use their ransomware could keep 80 percent of the ransom, those involved in data theft could keep 60 percent, and those who provide access to target systems could earn 50 percent.
So far, Anubis has claimed only a few victims, with just eight names listed on their leak website. However, security researchers believe that the group may soon carry out more attacks as their malware improves and becomes more appealing to cybercriminal partners.
A new investigation by cybersecurity researchers recently revealed that Anubis has added a serious new feature. Unlike most ransomware, which only locks files, this updated version can completely erase them. This tool is known as a file wiper. Once it is used, even if the ransom is paid, the deleted data cannot be restored.
Experts suggest this new feature was likely added to pressure victims into paying faster. By adding the risk of total data loss, the attackers are trying to stop victims from delaying payment or attempting to recover files on their own.
This destructive tool is turned on with a specific command, ‘/WIPEMODE’. Only users with the correct key can activate it. When it runs, the file wiper removes all the content inside the files but keeps their names and folder locations the same. This makes it look like the files still exist, but in reality, they are completely empty.
The ransomware also has other built-in features. It can give itself higher access permissions, skip certain folders during encryption, and focus on specific files. Interestingly, it avoids damaging important system files. This likely keeps the computer working so victims can still see the ransom instructions.
In addition, the malware deletes backup copies that could help victims recover their files and shuts down computer processes that might block its actions.
Anubis uses a complex encryption system known as ECIES (Elliptic Curve Integrated Encryption Scheme), which has been seen in other ransomware families like EvilByte and Prince. When it locks files, the malware adds the extension ‘.anubis’ to them and places ransom messages in the affected folders. It also tries to change the victim’s desktop background but does not succeed.
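A triage sketch for the two on-disk traces described above: the ‘.anubis’ extension on locked files, and folders where files keep their names and locations but are empty. This is an added example, not code from the researchers or the article; the thresholds, function names and sample file names are assumptions.

```python
import os
import tempfile
from collections import defaultdict

SUFFIX = ".anubis"   # extension the article says is appended to locked files
MIN_FILES = 5        # assumed: ignore directories too small to judge
EMPTY_RATIO = 0.8    # assumed: share of 0-byte files treated as suspicious

def scan_tree(root):
    """Count total, zero-length and .anubis files for each directory."""
    stats = defaultdict(lambda: {"total": 0, "empty": 0, "renamed": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                size = os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                continue  # file vanished or is unreadable; skip it
            entry = stats[dirpath]
            entry["total"] += 1
            entry["empty"] += size == 0
            entry["renamed"] += name.lower().endswith(SUFFIX)
    return dict(stats)

def flag_directories(stats):
    """Map each suspicious directory to the reasons it was flagged."""
    findings = {}
    for directory, s in stats.items():
        reasons = []
        if s["renamed"]:
            reasons.append("encrypted-extension")
        if s["total"] >= MIN_FILES and s["empty"] / s["total"] >= EMPTY_RATIO:
            reasons.append("mass-zero-length")
        if reasons:
            findings[directory] = reasons
    return findings

def build_sample_tree(root):  # constructed sample data, not real victim files
    files = {f"wiped/report{i}.docx": b"" for i in range(6)}
    files.update({f"healthy/note{i}.txt": b"text" for i in range(5)})
    files.update({"healthy/empty.log": b"", "encrypted/a.xlsx.anubis": b"\x01"})
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(flag_directories(scan_tree(tmp)))
```

Zero-length files also occur legitimately (lock files, placeholders), so a flagged folder is a prompt to compare against backups or file-integrity baselines rather than a verdict.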
This new step by Anubis shows how ransomware groups are becoming more aggressive by destroying files beyond repair, adding more pressure on victims to pay quickly.