New Threat: Anubis Ransomware Adds Wiper Functionality

The Anubis ransomware-as-a-service (RaaS) has escalated its threat level by incorporating a file-wiping module, which renders data irrecoverable even after a ransom is paid. Since its emergence in December 2024, Anubis has become increasingly active, with a recent push to enhance its features for affiliates.

Key Details

• Who: Anubis RaaS operators.
• What: Introduced a wiper module that destroys the contents of targeted files, maintaining file names but reducing their sizes to zero.
• When: Increased activity noted from early 2025, with affiliate programs launched on February 23.
• Where: Operates on dark web forums, affecting a variety of entities.
• Why: The goal is to compel victims to pay quickly by sabotaging any chances of data recovery.
• How: Activated with the command-line parameter '/WIPEMODE', requiring authentication for use.

Why It Matters

The addition of a wiper function poses critical risks for enterprises by:

• Enhancing Pressure: Victims are pushed to comply with ransom demands to avoid permanent loss of data.
• Impacting Security Protocols: This RaaS can exploit vulnerabilities in existing security measures, necessitating upgraded defenses.
• Hybrid/Multi-Cloud Adoption: Organizations must reconsider their cloud strategies, ensuring adequate backups and recovery options that withstand such attacks.

Takeaway for IT Teams

IT professionals should audit their current ransomware defenses and explore strategies to mitigate risks posed by RaaS threats like Anubis. Consider enhanced backup solutions that are immutable and regularly tested against data loss scenarios. Stay informed about updates in ransomware technology and adjust incident response plans accordingly.

For more curated news and infrastructure insights, visit TrendInfra.com.