UPDATED 21:30 EDT / JANUARY 22 2019

SECURITY

Security researchers detail serious ‘Anatova’ ransomware

Security researchers at McAfee LLC today detailed the discovery of a new ransomware family that is targeting consumers across the globe.

Dubbed “Anatova” after the name used in its ransom note, the ransomware was discovered on a private peer-to-peer network and targets consumers. In a report, the researchers said those behind the ransomware family aren’t your average hackers, but experienced bad actors.

“We believe that Anatova can become a serious threat since the code is prepared for modular extension,” the researchers noted. The ransomware is said to have the ability to morph quickly, adding new evasion tactics and spreading mechanisms as well.

Like other forms of ransomware, once it runs on a victim’s machine, Anatova encrypts files and demands payment. In this case, the ransomware demands a cryptocurrency payment of 10 DASH, worth approximately $680 at the time, to decrypt the files.

According to 2-Spyware, Anatova modifies the Windows operating system to gain persistence and starts a system scan that searches for files with predetermined extensions, for example .jpg, .doc, .mp3, .avi, .xtml, .html, .dat, .pdf and many others. The data is then encrypted with a strong encryption algorithm, rendering it unusable without the attackers’ key.

Those behind the ransomware are also spreading it far and wide via methods such as spam emails, brute-force attacks, hacked websites, repacked installers, drive-by downloads and fake updates. Attacks using the ransomware have so far been detected primarily in the U.S. and Western Europe.

McAfee doesn’t say outright where the ransomware may have originated, but Anatova has been designed not to infect computers in certain countries, in particular members of the Commonwealth of Independent States — former Soviet countries — as well as Syria, Egypt, Morocco, Iraq and India.

“It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors might be originating from one of these countries,” the researchers noted. “In this case, it was surprising to see the other countries being mentioned. We do not have a clear hypothesis on why these countries, in particular, are excluded.”

Security products from various other vendors, along with McAfee’s, can detect it. That said, so far there is no known decryption tool available to recover the files of those who are infected.

Image: Christiaan Colen/Wikimedia Commons
