ANUBI is another malicious code making rounds, infecting machines. Not much is known about the attack tactics used by the underworld to spread the ransomware as of now. It is more like a ransomware into the wild, maybe its building up the attack and testing waters before it strikes. It was first detected by a security researcher from Malwarebytes.
It’s a ransomware and like any other malicious code, encrypts the files on the infected machine with ‘.anubi’ extension. When encrypting files it will change the- .[email_address].anubi extension to the name of the encrypted file. For example, a file named test.docx, would be named using the current variant as test.docx.[email@example.com].anubi.
The Anubiransomware was first observed on August 15, 2017. During the process of encrypting it will not encrypt files on unmapped network shares, but it will touch upon the mapped network shares, including external memory devices connected to the infected computer and network shared directories.The Anubi ransomware will scan the affected computer for various file types, using a strong encryption method to encrypt any files it finds. The Anubiransomware mainly looks for the user-generated files, such as photos, videos, audio, spreadsheets, texts, databases especially, and files that are commonly associated with popular software such as Microsoft Office, Adobe Acrobat, Adobe Photoshop, etc. Once the Anubiransomware encrypts the files, they are no longer recoverable without the decryption key, which the cyber criminals hold in their possession.
As soon as Anubi affects the system it sets an autorun the windows registry which gives the code a permission to run automatically when a user logs in.
It is also equipped with a read_me text which is basically a ransom note and goes on to saying that free decryption of 3 files can be done which do not contain important information. To assure the victim that decryption will actual work.
The best thing about the virus is, it is incredibly slow and can be detected when it is encrypting the computer. A user can cut the process and save files from encryption once it becomes evident that the ransomware is affecting the machine.
Logix Infosecurity helps its clients stay safe and avoid being a part of ransomware trap. Our latest tools keep a company’s network safe, up and running.
This article will be updated as we have more information.