Anubis Ransomware Adds Wiper Capability, for Unclear Reasons

Move Raises Possibility Group Isn't Just Marketing Its Malware to Criminals Mathew J. Schwartz (euroinfosec) • June 17, 2025

Up-and-coming ransomware group Anubis has tweaked its malware to irrevocably wipe victims' data - an unusual tactic from hackers whose typical corrupt bargain is restored data in exchange for extortion money.

See Also: SASE and Zero Trust: The Backbone of Integrated Security (eBook)

The Russian-speaking ransomware-as-a-service group's malware now includes "a file-wiping feature, designed to sabotage recovery efforts even after encryption," says a report from Trend Micro.

"In my opinion, it goes against the ransomware business model," said John Fokker, head of threat intelligence at Trellix. In part, he said, wiping doesn't provide any additional "real type of leverage" for attackers as they negotiate with victims in pursuit of receiving a ransom payment ...