Anubis Ransomware Packs a Wiper to Permanently Delete Files

The emerging Anubis ransomware has become a major threat to organizations, as it can permanently delete files to prevent their recovery, Trend Micro warns.

Active since late 2024 and operating under the ransomware-as-a-service (RaaS) model, Anubis was first detailed in February this year, when threat intelligence firm Kela observed it mainly focusing on data extortion, without the encryption component.

A fresh Trend Micro report, however, puts things in a different perspective: not only does Anubis encrypt victims’ data, but it also has a wiper module that destroys it.

“Trend Research has observed specific command line operations for these destructive actions, including attempts to change system settings and wipe directories,” the cybersecurity firm notes.

According to Trend Micro, Anubis, which has the same code as Sphinx, except for the function that generates the ransom note, has been promoted on cybercrime forums by two accounts, namely ‘supersonic’ and ‘Anubis__media’.

Affiliates are promised ...