A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery.
Given its brief history and use of a multi-layered extortion model, Anubis has all the markings of an evolving and flexible RaaS operation. Trend™ Research has observed specific command line operations for these destructive actions, including attempts to change system settings and wipe directories. This entry takes a closer look into these capabilities. Anubis joined the X (formerly Twitter) in December 2024. Around the same time, our team identified a sample called Sphinx, which appeared to be in development, evidenced by its ransom note that lacked both a TOR site and a unique ID.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New espionage malware found targeting Russian-speaking users in Eastern Europe
October 10, 2019
Security researchers have discovered an advanced malware strain that’s been deployed to spy on diplomats and Russian-speaking users in Eastern Europe. The malware, named Attor, has been used in attacks since 2013 but was only discovered last year, according to an ESET report published today. ESET said the malware bears the signs of a targeted espionage campaign ...
- More xHunt – New PowerShell Backdoor Blocked Through DNS Tunnel Detection
October 10, 2019
During our continued analysis of the xHunt campaign, we observed several domains with ties to the pasta58com, being used as the C2 server for a new PowerShell based backdoor that we’ve named CASHY200. This PowerShell backdoor ...
- CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings
October 10, 2019
In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution ...
- Intelligence Agencies Warn Of Flaw With VPN Products
October 9, 2019
Both the US NSA and UK NCSC warn hackers are actively exploiting vulnerabilities in VPN products Both the US National Security Agency (NSA) and a GQHC agency in the United Kingdom have issued warnings about “multiple vulnerabilities in Virtual Private Network (VPN) applications.” Both the NSA and the UK’s National Cyber Security Centre (NCSC) warned that advanced persistent threat (APT) ...
- FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
October 9, 2019
trend Micro discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market. ...
- The Value of Dark Web Coverage for Third-Party Risk Management
October 9, 2019
Everyone knows that a key ingredient to an effective third-party risk program is comprehensive, high-quality risk information. This includes details on supply chain risk, financial risk, legal risk, cyber risk, and more. With growing third-party ecosystems, it’s easier said than done for risk management teams to collect, organize, and prioritize their own risk information along ...