- Security researchers claim that Anubis ransomware is adding a wiper
- The wiper reduces all files to 0 KB, destroying them irreversibly
- This could be an additional pressure point during negotiations
Anubis, a relatively new ransomware-as-a-service (RaaS) operation, has added a new feature to its encryptor that irreversibly destroys all encrypted files on the compromised system.
Trend Micro cybersecurity researchers have published a new in-depth report on the operation, revealing that the group is currently working to add new features to the encryptor, among them the file-wiping capability.
“What most distinguishes Anubis from other RaaS and gives an advantage to its operations is the use of a file cleaning function, designed to sabotage recovery efforts even after encryption,” Trend Micro said. “This destructive trend adds pressure on the victims and increases the bets of an already harmful attack.”
Pressuring the victims
When threat actors activate the feature, the wiper deletes the contents of the files and reduces their size to 0 KB. File names and directory structure remain intact, but the contents are gone, which means that it is impossible to recover the files.
The best way to stay protected is, obviously, to tighten security and minimize the chances of a ransomware infection. However, out of an abundance of caution, companies should keep a separate backup, possibly air-gapped, which would allow them to restore files safely.
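The wiper's footprint described above (same file names, same structure, size 0 KB) can be checked against a size manifest taken at backup time. The following is an added example, not code from the Trend Micro report or this article; the function names and the 20% alert threshold are assumptions, and the sample files are constructed in a temporary directory.

```python
import os
import tempfile

def snapshot(root):
    """Return {relative_path: size_in_bytes} for every regular file under root."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            sizes[os.path.relpath(full, root)] = os.path.getsize(full)
    return sizes

def find_wiped(baseline, current):
    """Files that still exist under the same name but dropped from >0 bytes to 0."""
    return sorted(p for p, size in baseline.items()
                  if size > 0 and current.get(p) == 0)

def assess(baseline, current, threshold=0.2):
    """Return (wiped_paths, alert). alert is True when the share of previously
    non-empty files that are now empty reaches the threshold (assumed value)."""
    wiped = find_wiped(baseline, current)
    non_empty = sum(1 for s in baseline.values() if s > 0)
    ratio = len(wiped) / non_empty if non_empty else 0.0
    return wiped, ratio >= threshold

def demo():
    """Constructed sample: build a small tree, snapshot it, empty two files, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        samples = {"docs/report.txt": b"quarterly numbers", "docs/notes.txt": b"todo",
                   "db.sqlite": b"\x00" * 64, "empty.log": b""}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        for rel in ("docs/report.txt", "db.sqlite"):
            open(os.path.join(root, rel), "wb").close()  # size becomes 0, name kept
        return assess(baseline, snapshot(root))

if __name__ == "__main__":
    wiped, alert = demo()
    print("wiped:", wiped, "alert:", alert)
```

Files that were already empty in the baseline, or that were deleted outright, are not counted, so the check isolates the "name intact, content gone" pattern.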
In general, ransomware actors would exfiltrate confidential files from their target's IT infrastructure and then encrypt the systems.
Then they would demand money, generally in Bitcoin, in exchange for the decryption key that gives victims back access to their locked files. Since many companies refuse to pay the ransom and instead maintain an up-to-date backup that can be restored in case of an attack, hackers began to steal files and threaten to release them to the public.
The release of confidential files is, in many cases, more disruptive than encryption, since it can lead to class-action lawsuits, data watchdog fines, loss of credibility with clients and partners, and loss of competitive advantage after IP leaks.
In addition to the wiper, which is definitely a major threat, ransomware actors also sometimes engage in DDoS attacks to exert pressure on both the front end and the back end of the business. In some cases, they would also call the victims by phone in an attempt to get the ransom demand paid.
Via BleepingComputer