Anubis Ransomware Is a Rising Threat Organizations Can’t Ignore

A newly emerging ransomware group, Anubis, is making waves in the cybercriminal underworld. According to threat intelligence firm Kela, Anubis operates as a Ransomware-as-a-Service (RaaS), offering affiliates multiple monetization options, including traditional ransomware attacks, data extortion, and access sales.

Despite being a new player, Anubis shows signs of experienced cybercriminals behind it, making it a serious and growing threat to businesses worldwide. Here’s what organizations need to know about this developing cyber menace.

Anubis Ransomware: What We Know So Far

Anubis first appeared in late 2024, and its presence has been primarily tracked through dark web activity rather than direct code analysis. This makes it harder to assess the technical capabilities of the malware, but initial reports suggest it is a highly sophisticated operation.

Kela researchers have linked Anubis to two cybercriminals, one of whom—‘superSonic’—has been actively recruiting affiliates via underground forums like RAMP.

Anubis Ransomware’s Business Model

Anubis is not just another ransomware variant—it’s an extortion service offering multiple attack options to its affiliates.

  1. Classic Ransomware Attacks
    • Uses ChaCha+ECIES encryption.
    • Targets Windows, Linux, NAS, and ESXi x64/x32 systems.
    • Managed through a web-based control panel.
    • Revenue split: 80% to the affiliate, 20% to Anubis.
  2. Data Ransom (Extortion Without Encryption)
    • Affiliates sell stolen data without encrypting victims’ systems.
    • Data must be exclusive to Anubis, stolen within the last six months, and valuable enough for public exposure.
    • Revenue split: 60% to the affiliate, 40% to Anubis.
  3. Access Monetization
    • Affiliates sell access to the networks of potential victims.
    • The access must be for companies in the U.S., Europe, Canada, or Australia.
    • The victim must not have been attacked by other ransomware groups in the past year.
    • Revenue split: 50% to the affiliate, 50% to Anubis.

This multi-pronged extortion strategy aligns with the growing trend of data theft-focused ransomware attacks, which threaten organizations by leaking sensitive data rather than encrypting it.

Anubis’ First Victims: Healthcare in the Crosshairs?

Despite being only a few months old, Anubis has already listed three confirmed victims on its leak site, with a fourth, undisclosed target marked as “Top Secret” as of February 25, 2025.

One of the earliest confirmed targets was Pound Road Medical Centre (PRMC), an Australian healthcare provider. PRMC reported a data breach on November 13, 2024, but did not mention ransomware—suggesting that Anubis may have focused on data extortion rather than encryption in this case.

The fact that two of Anubis’ three known victims operate in healthcare is concerning. Medical organizations have long been prime ransomware targets due to their reliance on patient data and their increased likelihood of paying ransoms to protect sensitive information.

Why Anubis Ransomware Is a Serious Threat

Even though it’s still new, Anubis is already showing signs of being a major cybersecurity threat. Here’s why:

  • Experienced Operators – The structured RaaS model, combined with technical claims, suggests Anubis is run by seasoned cybercriminals, possibly former members of defunct ransomware gangs.
  • Multi-Layered Extortion – Unlike traditional ransomware, Anubis is pushing data extortion as a primary revenue stream, allowing attackers to profit without deploying encryption.
  • Targeting Critical Sectors – If early attacks are any indication, healthcare and other high-risk industries may be key targets.
  • Sophisticated Malware – Although no samples have been publicly analyzed yet, the claimed use of ChaCha+ECIES encryption and cross-platform support (Windows, Linux, NAS, and ESXi) points to an advanced attack toolset.

How Organizations Can Protect Themselves

With Anubis ramping up its operations, businesses must take proactive cybersecurity measures to defend against both ransomware encryption and data extortion attacks.

  • Strengthen Network Security – Use multi-factor authentication (MFA) and zero-trust access policies to reduce unauthorized access risks.
  • Detect and Prevent Data Theft – Implement data loss prevention (DLP) tools to monitor and block suspicious exfiltration attempts.
  • Regularly Back Up Critical Data – Maintain offline, immutable backups to recover from encryption-based attacks.
  • Monitor for Dark Web Mentions – Cybersecurity teams should track threat intelligence feeds for mentions of their organization on ransomware leak sites.
  • Employee Training – Educate staff on phishing, credential theft, and social engineering tactics commonly used to gain initial access.
  • Incident Response Planning – Have a clear strategy for handling ransomware or data extortion threats, including legal and PR responses.

A Growing Cyber Threat in 2025

Anubis may be new, but it’s already proving to be a serious risk to businesses worldwide. Its dual approach of ransomware encryption and pure data extortion aligns with modern cybercriminal trends, and its focus on critical sectors like healthcare raises additional alarms.

As 2025 unfolds, organizations must stay vigilant, invest in cybersecurity defenses, and prepare for an evolving ransomware landscape—because Anubis is just getting started.

Is your business ready to defend against the next ransomware attack? Now is the time to act.