
Anubis — dangerous ransomware strain

When ransomware no longer allows negotiations

A relatively new ransomware strain called Anubis is currently causing concern among security researchers, and not without reason: the malware combines classic file encryption with an integrated wiper function that destroys data irretrievably.

Double threat

While most ransomware attacks are based on extortion, with the promise of restoring access to the data once a ransom has been paid, Anubis goes one step further: in "wipe mode", files are destroyed instead of encrypted, so there is nothing left to decrypt and no ransom can buy the data back.

The technique behind it is as perfidious as it is effective: the file names and extensions are retained, but the content is removed and each file is truncated to 0 KB.

This is a psychologically effective way of putting victims under additional pressure: they can still see their folder structure, but the content is gone for good.
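The wipe pattern described above leaves a distinctive trace on disk: file names and extensions survive while sizes drop to zero, which is the opposite of what encryption leaves behind (content replaced and usually renamed). The following script, added here as an example and not DEFENDERBOX or Anubis code, compares two snapshots of a directory tree and labels the overall pattern as "wipe", "encrypt" or "normal". The directory layout, the ".locked" stand-in extension and the 50 % threshold are assumptions made for the example; the Anubis extension is not taken from the page.

```python
"""Added example (not DEFENDERBOX code): tell the Anubis-style wipe pattern
(names kept, content truncated to 0 bytes) apart from classic encryption
(content replaced, originals removed or renamed) by diffing two snapshots."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file (relative to root) to (size, sha256 of its content)."""
    result = {}
    root = Path(root)
    for path in root.rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            result[str(path.relative_to(root))] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def classify_changes(before, after):
    """Bucket every path from the earlier snapshot by what happened to it."""
    report = {"wiped": [], "modified": [], "removed": [], "added": [], "unchanged": []}
    for rel, (size, digest) in before.items():
        if rel not in after:
            report["removed"].append(rel)
        elif after[rel][0] == 0 and size > 0:
            # Name and extension preserved, content gone: the wipe-mode signature.
            report["wiped"].append(rel)
        elif after[rel][1] != digest:
            report["modified"].append(rel)
        else:
            report["unchanged"].append(rel)
    report["added"] = [rel for rel in after if rel not in before]
    return report


def verdict(report, threshold=0.5):
    """Label the overall pattern; the threshold is an assumption for this example."""
    total = sum(len(v) for k, v in report.items() if k != "added")
    if total == 0:
        return "empty"
    if len(report["wiped"]) / total >= threshold:
        return "wipe"
    # Encryption typically removes the originals and writes renamed ciphertext
    # files, or rewrites the content in place so that the hash changes.
    if (len(report["removed"]) + len(report["modified"])) / total >= threshold:
        return "encrypt"
    return "normal"


def simulate(mode, n_files=10):
    """Build a constructed temp tree, apply a wipe or encrypt stand-in, return (verdict, report)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for i in range(n_files):
            (root / "docs" / f"report_{i}.docx").write_bytes(os.urandom(64))
        before = snapshot(root)
        for path in list((root / "docs").iterdir()):
            if mode == "wipe":
                # Truncate to 0 bytes, keeping name and extension, as the page describes.
                path.write_bytes(b"")
            elif mode == "encrypt":
                # Stand-in for encryption: new content under an assumed ".locked" extension,
                # original removed.
                path.with_suffix(path.suffix + ".locked").write_bytes(os.urandom(80))
                path.unlink()
        report = classify_changes(before, snapshot(root))
        return verdict(report), report


if __name__ == "__main__":
    for mode in ("wipe", "encrypt", "none"):
        label, rep = simulate(mode)
        print(mode, "->", label, {k: len(v) for k, v in rep.items()})
```

In a real investigation the "before" snapshot would come from a file-integrity baseline or a backup catalogue; the point of the comparison is that a mass of zero-byte files under unchanged names indicates data that no decryptor can bring back, which changes the incident from a negotiation to a restore-from-backup exercise.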

Who is affected?

Anubis was first observed in December 2024. The attacks have so far been aimed primarily at companies in the following sectors:

  • Healthcare
  • Construction industry
  • Hotel industry

Geographically, the incidents have so far been concentrated in Australia, Canada, Peru and the USA, but since affiliates choose their own targets, spread to other regions should be expected.

No connection to the Android Trojan “Anubis”

Important: this ransomware is not the same malware as the Android banking Trojan "Anubis" or other tools that carry the name; only the name is shared.

Ransomware-as-a-Service: the criminal business model behind it

Anubis is distributed under a ransomware-as-a-service (RaaS) model: the operators offer the malware to an affiliate network, much like a legitimate software-as-a-service platform. The affiliates, i.e. the people actually carrying out the attacks, receive a large share of the proceeds:

  • Up to 80 % of the ransom from encryption-based extortion
  • 60 % for deals based on data extortion
  • 50 % on the sale of compromised accesses

Typical sequence of an attack:

  1. Phishing e-mail with a malicious attachment or a prepared link
  2. Initial access and privilege escalation
  3. Network reconnaissance and deletion of volume shadow copies, so that local recovery is no longer possible
  4. Activation of wipe mode via the command-line parameter /WIPEMODE
  5. Encryption or outright deletion of data
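Steps 3 and 4 of this sequence leave traces that a detection rule can catch before step 5 runs: shadow-copy deletion is almost always done through a handful of well-known commands, and the wiper is switched on with a command-line parameter. The script below, added here as an example and not DEFENDERBOX or Anubis code, runs a small rule set over constructed process-creation log lines and reports which hosts show both stages of the chain. The log format (timestamp|host|user|command line), the host names and the file name "update.exe" are assumptions for the example; the /WIPEMODE parameter is the one named on the page.

```python
"""Added example (not DEFENDERBOX code): flag shadow-copy deletion and the
Anubis /WIPEMODE switch in constructed process-creation log lines."""
import re

# (rule name, pattern over the command line); first match per line wins.
RULES = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("shadow_copy_deletion", re.compile(r"Win32_ShadowCopy.*\bDelete\b", re.I)),
    ("backup_catalog_deletion", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    # The binary name is arbitrary; the parameter named on the page is the indicator.
    ("anubis_wipe_mode", re.compile(r"(^|\s)/WIPEMODE\b", re.I)),
]

# Constructed sample log: timestamp|host|user|command line. Lines 1-3 and 6 are
# the attack chain on WS-042; the others are benign administrative noise.
SAMPLE_LOG = [
    r"2025-06-10T09:12:01Z|WS-042|jdoe|C:\Windows\System32\vssadmin.exe delete shadows /all /quiet",
    r"2025-06-10T09:12:03Z|WS-042|jdoe|wmic shadowcopy delete",
    r'2025-06-10T09:12:05Z|WS-042|jdoe|powershell.exe -nop -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
    r"2025-06-10T09:15:00Z|SRV-01|backupsvc|C:\Windows\System32\wbadmin.exe start backup -backupTarget:E:",
    r"2025-06-10T09:16:30Z|SRV-01|admin|C:\Windows\System32\vssadmin.exe list shadows",
    r"2025-06-10T09:18:44Z|WS-042|jdoe|C:\Users\Public\update.exe /WIPEMODE",
    r"2025-06-10T09:20:10Z|WS-042|jdoe|notepad.exe C:\Temp\wipemode_notes.txt",
]


def parse_line(line):
    """Split a log line into its fields. maxsplit=3 keeps pipes inside the command line intact."""
    ts, host, user, cmdline = line.split("|", 3)
    return {"ts": ts, "host": host, "user": user, "cmdline": cmdline}


def detect(lines):
    """Return one hit per log line whose command line matches a rule."""
    hits = []
    for line in lines:
        event = parse_line(line)
        for name, pattern in RULES:
            if pattern.search(event["cmdline"]):
                hits.append({**event, "rule": name})
                break
    return hits


def rules_per_host(hits):
    """Sorted list of rule names that fired on each host."""
    per_host = {}
    for hit in hits:
        per_host.setdefault(hit["host"], set()).add(hit["rule"])
    return {host: sorted(names) for host, names in per_host.items()}


def full_chain_hosts(hits):
    """Hosts where shadow copies were deleted and wipe mode was invoked: act on these first."""
    per_host = rules_per_host(hits)
    return sorted(h for h, names in per_host.items()
                  if "shadow_copy_deletion" in names and "anubis_wipe_mode" in names)


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for hit in found:
        print(hit["ts"], hit["host"], hit["rule"], "<-", hit["cmdline"])
    print("hosts with the full chain:", full_chain_hosts(found))
```

The shadow-copy rules are worth alerting on by themselves, since legitimate administrators rarely delete all shadow copies quietly; the /WIPEMODE rule is cheap to add to the same pipeline and, because wipe mode is irreversible, a host that shows both patterns should be isolated before the wiper finishes rather than triaged later.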


What companies should do now:

Attacks like this show that traditional security mechanisms are no longer sufficient on their own. Classic antivirus, a backup strategy on its own or simple perimeter protection cannot stop targeted ransomware campaigns like Anubis, especially when the goal is not just extortion but maximum destruction. One caveat belongs here: once files have been wiped, an offline or immutable backup that the attacker cannot reach is the only way to get the data back, and the attack chain above deletes shadow copies precisely to remove that option. Backups therefore remain essential for recovery; prevention decides whether you ever need them.

DEFENDERBOX relies on: 

  • Proactive managed security checks — to simulate attacks and uncover security vulnerabilities before they are exploited.

  • Isolation and blocking of suspicious processes

Because when negotiations are no longer an option, prevention must be the first line of defense.


Stay vigilant — your IT will stay that way with us. 
