- Security researchers claim Anubis ransomware is adding a file wiper
- The wiper reduces all files to 0 KB, irreversibly destroying them
- This could be an additional pressure point during negotiations
Anubis, a relatively new Ransomware-as-a-Service (RaaS) operation, added a new feature to its encryptor that irreversibly destroys all encrypted files on the compromised system.
Cybersecurity researchers at Trend Micro have published a new in-depth report on the operation, revealing that the group is currently working on adding new features to the encryptor, among them the file-wiping ability.
“What further sets Anubis apart from other RaaS and lends an edge to its operations is its use of a file wiping feature, designed to sabotage recovery efforts even after encryption,” Trend Micro said. “This destructive tendency adds pressure on victims and raises the stakes of an already damaging attack.”
Pressuring the victims
When the threat actors activate the feature, the wiper erases the contents of the files and reduces their size to 0 KB. The filenames and directory structure remain intact, but the contents are gone, so the files cannot be recovered.
The best way to stay protected is, obviously, to tighten up security and minimize the chances of a ransomware infection. However, out of an abundance of caution, businesses should also keep a separate, possibly air-gapped backup from which they can restore the files safely.
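The two paragraphs above describe what a wiped tree looks like (names and layout intact, every hit file 0 bytes) and why an independent backup matters. The script below is an added example, not code from the page or from Trend Micro: it flags 0-byte files and groups them per directory for triage, then checks a restored copy against a hash manifest taken before the incident. The directory layout, file names and manifest format are constructed for the example; note that legitimately empty files exist, so a 0-byte count alone is only an indicator and the manifest is what distinguishes "truncated" from "was always empty".

```python
"""Triage helper for in-place file truncation (added example, not from the page).

Assumption: the wiper leaves filenames and the directory tree in place and
truncates file contents to 0 bytes. A pre-incident manifest of
relative path -> (size, sha256) lets a restore be verified file by file.
"""
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record relative path -> (size, sha256) for every regular file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = (p.stat().st_size, sha256_of(p))
    return manifest


def find_zero_byte_files(root: Path) -> list[str]:
    """Return sorted relative paths of all 0-byte regular files under root."""
    return sorted(
        str(p.relative_to(root))
        for p in root.rglob("*")
        if p.is_file() and p.stat().st_size == 0
    )


def summarize_by_directory(zero_files: list[str]) -> Counter:
    """Count 0-byte files per parent directory; a burst in one tree is the signal."""
    return Counter(str(Path(rel).parent) for rel in zero_files)


def verify_restore(root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the pre-incident manifest.

    Buckets: ok (identical), truncated (now 0 bytes but was not),
    modified (different content), missing (no longer present).
    """
    result = {"ok": [], "truncated": [], "modified": [], "missing": []}
    for rel, (size, digest) in manifest.items():
        p = root / rel
        if not p.exists():
            result["missing"].append(rel)
        elif p.stat().st_size == 0 and size > 0:
            result["truncated"].append(rel)
        elif sha256_of(p) != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def build_sample_tree() -> tuple[Path, dict]:
    """Constructed sample: a small tree, a manifest taken while healthy,
    then two files emptied to reproduce the post-incident state."""
    root = Path(tempfile.mkdtemp(prefix="wiper_triage_"))
    files = {
        "finance/q1.xlsx": b"quarterly numbers",
        "finance/q2.xlsx": b"more numbers",
        "hr/handbook.docx": b"policies",
        "hr/empty.txt": b"",  # legitimately empty before the incident
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    manifest = build_manifest(root)
    # post-incident state of the sample: contents gone, names and layout intact
    for rel in ("finance/q1.xlsx", "finance/q2.xlsx"):
        (root / rel).write_bytes(b"")
    return root, manifest


if __name__ == "__main__":
    root, manifest = build_sample_tree()
    zeros = find_zero_byte_files(root)
    print("0-byte files:", zeros)
    print("per directory:", dict(summarize_by_directory(zeros)))
    print("restore check:", verify_restore(root, manifest))
```

Run against a real share, the manifest would be produced on a schedule (and stored with the backups, not on the hosts it describes) so that after an incident the "truncated" bucket tells you exactly which files must come from backup.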
Usually, ransomware actors would exfiltrate sensitive files from their target’s IT infrastructure, and then encrypt the systems.
They would then demand money, usually in bitcoin, in exchange for the decryption key that restores the victims' access to their locked files. Since many companies refuse to pay the ransom and instead keep an updated backup that can be restored after an attack, the hackers started stealing files and threatening to release them to the public.
Releasing sensitive files is, in many cases, more disruptive than encryption, since it can lead to class-action lawsuits, fines from data protection watchdogs, loss of credibility among customers and partners, and loss of competitive edge after IP leaks.
Besides the file wiper, which is definitely a big threat, ransomware actors sometimes also launch DDoS attacks to put pressure on both the front end and the back end of the business. In some instances, they also call the victims on the phone in an attempt to get them to pay the ransom demand.
Via BleepingComputer