A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery.
Given its brief history and use of a multi-layered extortion model, Anubis has all the markings of an evolving and flexible RaaS operation. Trend™ Research has observed specific command line operations for these destructive actions, including attempts to change system settings and wipe directories. This entry takes a closer look into these capabilities. Anubis joined the X (formerly Twitter) in December 2024. Around the same time, our team identified a sample called Sphinx, which appeared to be in development, evidenced by its ransom note that lacked both a TOR site and a unique ID.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Oxford University lab with COVID-19 research links targeted by hackers
February 26, 2021
An Oxford University lab conducting research into the coronavirus pandemic has been compromised by cyberattackers. Oxford University, one of the most prominent educational institutions in the UK, was made aware of the security breach on Thursday. The university confirmed that a security incident took place at the Division of Structural Biology lab, also known as “Strubi,” after ...
- Dutch Research Council (NWO) confirms ransomware attack, data leak
February 26, 2021
The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening with leaking them unless the organization paid a ransom. Since NWO does not cooperate with ...
- Lazarus targets defense industry with ThreatNeedle
February 25, 2021
We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look, we identified the malware ...
- Cisco Warns of Critical Auth-Bypass Security Flaw
February 25, 2021
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health ...
- TD Bank suffered systemwide banking outage, services now recovered
February 25, 2021
TD Bank has recovered from a major IT systems outage today that prevented account holders from accessing their online bank accounts, use ATM, or check balances over the phone. The outage started at approximately 2 AM EST this morning and prevented TD Bank members from logging into their online accounts. When attempting to do so, their systems ...
- So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
February 25, 2021
Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. As of publishing this post, we track 11 distinct groups that have deployed MAZE ransomware. ...