ANUBI Ransomware, new danger ready to strike! Lessupport 13 Oct 2017


ANUBI is another piece of malicious code making the rounds and infecting machines. Not much is known so far about the tactics used by the underworld to spread the ransomware. For now it looks like ransomware loose in the wild; its operators may be building up the attack and testing the waters before it strikes. It was first detected by a security researcher from Malwarebytes.

Like other ransomware, it encrypts the files on the infected machine and marks them with the ‘.anubi’ extension. When encrypting a file, it appends .[email_address].anubi to the file's name. For example, a file named test.docx would be renamed by the current variant to test.docx.[anubi@cock.li].anubi.
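The naming scheme above can be used to scope an incident: the following added example (not part of the original article) walks a directory tree, matches the `<name>.[email_address].anubi` pattern, and recovers each file's original name and the contact address. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Naming scheme described in the article: <original name>.[<email_address>].anubi
ANUBI_NAME = re.compile(r"^(?P<original>.+)\.\[(?P<contact>[^\[\]]+)\]\.anubi$", re.IGNORECASE)


def parse_anubi_name(filename):
    """Return (original_name, contact_address), or None if the name does not match."""
    m = ANUBI_NAME.match(filename)
    return (m.group("original"), m.group("contact")) if m else None


def scan_tree(root):
    """Walk root and collect renamed files, per-directory counts and contact addresses."""
    hits, per_dir, contacts = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_anubi_name(name)
            if parsed is None:
                continue
            original, contact = parsed
            hits.append((os.path.join(dirpath, name), original, contact))
            per_dir[dirpath] += 1
            contacts[contact.lower()] += 1
    return hits, per_dir, contacts


def demo():
    """Build a constructed sample tree (empty files only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("test.docx.[anubi@cock.li].anubi",    # example name from the article
                     "budget.xlsx.[anubi@cock.li].anubi",  # constructed
                     "notes.txt",                          # untouched file
                     "archive.anubi"):                     # lacks the [address] part
            open(os.path.join(docs, name), "w").close()
        hits, per_dir, contacts = scan_tree(root)
        return sorted(h[1] for h in hits), dict(contacts), sum(per_dir.values())


if __name__ == "__main__":
    originals, contacts, total = demo()
    print(f"{total} renamed files; contacts: {contacts}; originals: {originals}")
```

Running `scan_tree` against a mapped share or external drive shows which directories were reached, which helps decide what to restore from backup.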

The Anubi ransomware was first observed on August 15, 2017. While encrypting, it does not encrypt files on unmapped network shares, but it does reach mapped network shares, including external memory devices connected to the infected computer and network shared directories.

The Anubi ransomware scans the affected computer for various file types and uses a strong encryption method to encrypt any files it finds. It mainly looks for user-generated files, such as photos, videos, audio, spreadsheets, texts and especially databases, as well as files commonly associated with popular software such as Microsoft Office, Adobe Acrobat, Adobe Photoshop, etc. Once the Anubi ransomware encrypts the files, they are no longer recoverable without the decryption key, which the cyber criminals hold in their possession.

As soon as Anubi affects the system, it sets an autorun entry in the Windows registry, which lets the code run automatically when a user logs in.

It also comes with a read_me text file, which is the ransom note. The note says that 3 files that do not contain important information can be decrypted for free, to assure the victim that decryption will actually work.

The best thing about the virus is that it is incredibly slow, so it can be detected while it is encrypting the computer. Once it becomes evident that the ransomware is affecting the machine, a user can stop the process and save files from encryption.

Logix Infosecurity helps its clients stay safe and avoid being a part of ransomware trap. Our latest tools keep a company’s network safe, up and running.

This article will be updated as we have more information.
