216.73.216.86

Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper

· Published 13/06/2025 14:04 · Modified 13/06/2025 20:20

Export JSON

Essential information

Published
13/06/2025 14:04
Modified
13/06/2025 20:20
Tags
2025-06-13 anubis ecies-encryption file-wiping privilege-escalation ransomware-as-a-service spear-phishing sphinx
Related entities
1 intrusion sets (apt), 8 techniques (mitre), 6 others

Description

is a new (RaaS) group that combines file encryption with file destruction capabilities. Active since December 2024, it features a 'wipe mode' that permanently erases files, making recovery impossible even if ransom is paid. The group operates a flexible affiliate program, offering negotiable revenue splits and supporting additional monetization paths like data extortion and access sales. has claimed victims in multiple sectors including healthcare and construction, across regions such as Australia, Canada, Peru, and the U.S. The ransomware uses for initial access, employs command-line execution, privilege escalation, and shadow copy deletion. Its encryption algorithm is similar to EvilByte/Prince ransomware, using Elliptic Curve Integrated Encryption Scheme (ECIES).

External references