Security researchers detail serious ‘Anatova’ ransomware
Security researchers at McAfee LLC today detailed the discovery of a new ransomware family that is targeting consumers across the globe.
Dubbed “Anatova” based on the name of the ransom note, the ransomware was discovered in a private peer-to-peer network and targets consumers. In a report, the researchers said those behind the ransomware family aren’t your average hackers, but experienced bad actors.
“We believe that Anatova can become a serious threat since the code is prepared for modular extension,” the researchers noted. The ransomware is said to have the ability to morph quickly, adding new evasion tactics and spreading mechanisms as well.
Like other forms of ransomware, once downloaded, Anatova encrypts files and demands payment. In this case, the ransomware demands a cryptocurrency payment of 10 DASH, worth approximately $680 to unencrypt files.
According to 2-Spyware, Anatova modifies Windows operating system to gain persistence and starts a system scan that seeks for files with predetermined extensions, for example, .jpg, .doc, .mp3, .avi, .xtml, .html, .dat, .pdf and many others. The data is then encrypted with a strong encryption algorithm that makes it unusable.
Those behind the ransomware are also spreading it far and wide via methods such as spam emails, brute-force attacks, hacked websites, repacked installers, drive-by downloads and fake updates. Attacks using the ransomware have so far been detected primarily in the U.S. and Western Europe.
McAfee doesn’t say outright where the ransomware may have originated, but Anatova has been designed not to infect computers in certain countries, in particular members of the Commonwealth of Independent States — former Soviet countries — as well as Syria, Egypt, Morocco, Iraq and India.
“It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors might be originating from one of these countries,” the researchers noted. “In this case, it was surprising to see the other countries being mentioned. We do not have a clear hypothesis on why these countries, in particular, are excluded.”
Various other companies along with McAfee also can detect it. That said, so far, there’s no known decryption tool available to save those who are infected.
Image: Christiaan Colen/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU