Recent analysis reveals a significant development in the threat landscape: a prominent Ransomware-as-a-Service (RaaS) operation, known as Anubis, has enhanced its destructive capabilities by integrating a dedicated wiper module.
This new addition fundamentally changes the potential impact of an Anubis attack. While traditional ransomware focuses on encryption to hold data hostage for extortion, the inclusion of a wiper means attackers can now choose to permanently destroy data. This move adds a layer of severity, potentially shifting from financial gain through recovery to pure destruction, or using the threat of destruction as leverage.
Security researchers observing this RaaS platform noted the new component allows affiliates to execute a separate command specifically designed for data destruction, distinct from the standard encryption process. This could be deployed after data exfiltration (for double extortion) or simply as a final act of malice, making recovery significantly more challenging or impossible, even if a ransom is paid.
The integration of a wiper into a widely available RaaS offering underscores the evolving tactics of cybercriminals. It provides less technically sophisticated actors with advanced destructive tools, increasing the risk for organizations of all sizes facing potential data loss beyond just the encryption threat. This development emphasizes the critical need for robust backups, effective incident response plans, and advanced defensive measures to protect against not only ransomware but also outright data destruction.
Source: https://securityaffairs.com/179044/malware/anubis-raas-now-includes-a-wiper-module.html
