McAfee researchers announced the discovery of a new ransomware family, “Anatova”, that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
“Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also difficult to analyze, such as Anatova, is more difficult to create from scratch. Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created,” said Christiaan Beek, Lead Scientist & Principal Engineer at McAfee.
Key findings:
- Brand-new code shows the actors behind this ransomware family aren’t your average hackers, but experienced bad actors.
- Has shown the ability to morph quickly, adding new evasion tactics and spreading mechanisms.
- Includes functions that are not often seen in ransomware families. Where similarities have been observed, however, the functions are the same as those used by the most destructive ransomware families, such as GandCrab.
- Once downloaded, the malware quickly encrypts all or many files on an infected system and demands a ransom of 10 DASH (currently valued at around $700 USD) in cryptocurrency to unlock it.
- McAfee’s researchers believe this new ransomware could become a serious threat since the code is prepared for modular extension, meaning that new functionalities can easily be added. The malware is written by skilled authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective: for instance, data can’t be restored without payment and a generic decryption tool cannot be created.