- Security researchers say the Anubis ransomware has added a file wiper
- The wiper reduces files to 0 KB, destroying their contents irreversibly
- The feature may serve as an additional pressure point during ransom negotiations
Anubis, a relatively new Ransomware-as-a-Service (RaaS) operation, has added a feature to its encryptor that irreversibly destroys files on the compromised system.
Cybersecurity researchers at Trend Micro have published a new in-depth report on the operation, revealing that the group is actively adding new features to the encryptor, among them a file-wiping capability.
“What further separates Anubis from other RaaS operations and gives an advantage to its operations is its use of a file-wiping function, designed to sabotage recovery efforts even after encryption,” Trend Micro said. “This destructive tendency adds pressure on the victims and raises the stakes of an already harmful attack.”
Puts pressure on the victims
When the threat actors activate the feature, the wiper deletes the contents of the files and reduces each one to 0 KB. File names and the directory structure remain intact, but the data itself is gone, so there is nothing left on the host to recover; paying for a decryption key does not help once a file has been wiped.
The best protection is, as always, to harden the environment and minimise the chance of a ransomware infection in the first place. Out of an abundance of caution, however, organisations should also keep a separate, ideally offline (air-gapped) backup that the intruder cannot reach from the compromised network, and periodically test that files can actually be restored from it.
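To make the wiper's footprint described above concrete, here is an added example of a snapshot-and-compare check. It is my own illustration, not code from the article or from Trend Micro: it records a manifest of sizes and SHA-256 hashes for a known-good tree (for instance an offline backup), then flags files that still exist under the same name but have shrunk to 0 bytes, which is the pattern the report describes. The directory layout, file names and contents in `demo()` are constructed for the demonstration.

```python
"""Detect wiper-style truncation: files that still exist under the same name
but have shrunk to 0 bytes since a known-good snapshot (e.g. an offline
backup manifest). Added example; not code from the article or Trend Micro."""
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root: Path):
    """Map each file's path (relative to root) to (size, sha256 hex digest)."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            manifest[path.relative_to(root).as_posix()] = (
                len(data), hashlib.sha256(data).hexdigest())
    return manifest


def find_wiped(manifest, root: Path):
    """Return relative paths that were non-empty in the manifest and are now
    0 bytes while still present at the same location.

    Files that were legitimately empty at snapshot time are ignored, and files
    that are missing or changed-but-non-empty are not reported here (those are
    ordinary deletion/encryption cases, not the wiper signature).
    """
    wiped = []
    for rel, (size, _digest) in manifest.items():
        current = root / rel
        if size > 0 and current.is_file() and current.stat().st_size == 0:
            wiped.append(rel)
    return wiped


def demo():
    """Constructed scenario: snapshot a small tree, truncate two files, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "contract.docx").write_bytes(b"PK\x03\x04 contract body")
        (root / "docs" / "notes.txt").write_bytes(b"meeting notes")
        (root / "empty.log").write_bytes(b"")  # legitimately empty before the incident
        before = build_manifest(root)

        # Simulate the wiper: discard contents, keep names and directory layout.
        for rel in ("docs/contract.docx", "docs/notes.txt"):
            with open(root / rel, "wb"):
                pass

        return find_wiped(before, root)


if __name__ == "__main__":
    for rel in demo():
        print("wiped:", rel)
```

In practice the manifest would be generated from the backup copy and stored with it, so that a restore can be driven by the list of wiped paths rather than by re-copying everything; comparing the hash as well as the size also catches files that were overwritten with garbage instead of truncated.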
Normally, ransomware actors exfiltrate sensitive files from the target's IT infrastructure and then encrypt the systems.
They then demand payment, usually in Bitcoin, in return for the decryption key that restores the victim's access to the locked files. Because many companies refuse to pay and instead restore from an up-to-date backup, attackers began stealing files as well and threatening to publish them.
Publication of sensitive files is in many cases more disruptive than the encryption itself, as it can lead to litigation, data protection fines, loss of trust among customers and partners, and loss of competitive advantage when intellectual property leaks.
In addition to the file wiper, which is certainly a major threat, ransomware actors sometimes also launch DDoS attacks to put pressure on both the front end and the back end of the company. In some cases they will even phone the victims in an attempt to get them to pay the ransom.
Via Bleeping computer