Security researchers detail serious ‘Anatova’ ransomware
Security researchers at McAfee LLC today detailed the discovery of a new ransomware family that is targeting consumers across the globe.
Dubbed “Anatova” after the name used in its ransom note, the ransomware was discovered in a private peer-to-peer network. In a report, the researchers said those behind the family aren’t average hackers but experienced bad actors.
“We believe that Anatova can become a serious threat since the code is prepared for modular extension,” the researchers noted. The ransomware is said to be able to morph quickly, adding new evasion tactics and spreading mechanisms.
Like other ransomware, once executed, Anatova encrypts files and demands payment. In this case the demand is 10 DASH, a cryptocurrency, worth approximately $680 at the time, to decrypt the files.
According to 2-Spyware, Anatova modifies the Windows operating system to gain persistence and then scans the system for files with predetermined extensions, for example .jpg, .doc, .mp3, .avi, .xtml, .html, .dat and .pdf, among many others. It then encrypts that data with a strong encryption algorithm, rendering it unusable without the key.
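The behaviour described above (a sweep over files with particular extensions, each rewritten as ciphertext) is what a canary-file check can catch from the defender's side. The following is an added example, not McAfee's, 2-Spyware's or Anatova's code: it records a hash of planted canary files carrying the targeted extensions, then flags any canary that has both changed since the baseline and now has near-random byte distribution. The file names, the sample contents and the use of os.urandom as a stand-in for ciphertext are all constructed for the demo; the entropy threshold of 7.5 bits per byte is an assumption, not a value from the article.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Subset of the extensions the article lists as targets (constructed for this demo).
TARGET_EXTENSIONS = {".jpg", ".doc", ".mp3", ".avi", ".html", ".dat", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, much lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def record_baseline(root) -> dict:
    """Hash every canary file under root whose extension is on the target list."""
    return {p.name: sha256_of(p)
            for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in TARGET_EXTENSIONS}


def check_canaries(root, baseline: dict, threshold: float = 7.5) -> list:
    """Return the names of canaries that changed since baseline and now look encrypted.

    The hash gate matters: natively compressed formats (.jpg, .mp3) are high-entropy
    even when untouched, so entropy alone would be a false positive on them.
    """
    suspicious = []
    for name, old_hash in baseline.items():
        p = Path(root) / name
        if not p.exists():
            suspicious.append(name)  # deleted, or renamed with a new extension
            continue
        if sha256_of(p) != old_hash and shannon_entropy(p.read_bytes()[:4096]) >= threshold:
            suspicious.append(name)
    return suspicious


def run_demo() -> list:
    """Constructed scenario: plant canaries, baseline them, then overwrite two with random bytes."""
    root = tempfile.mkdtemp()
    (Path(root) / "report.doc").write_bytes(b"Quarterly report, nothing to see.\n" * 100)
    (Path(root) / "index.html").write_bytes(b"<html><body>canary</body></html>\n" * 100)
    (Path(root) / "config.dat").write_bytes(b"key=value\n" * 300)
    (Path(root) / "notes.txt").write_bytes(b"not a targeted extension\n" * 100)
    baseline = record_baseline(root)
    # Simulated ransomware pass: random bytes stand in for ciphertext (assumption, not Anatova's output).
    (Path(root) / "report.doc").write_bytes(os.urandom(4096))
    (Path(root) / "config.dat").write_bytes(os.urandom(4096))
    # Benign edit: a low-entropy change must not be flagged.
    (Path(root) / "index.html").write_bytes(b"<html><body>edited</body></html>\n" * 100)
    return check_canaries(root, baseline)


if __name__ == "__main__":
    print(run_demo())  # ['config.dat', 'report.doc']
```

In practice the canaries are scattered through the directories a user actually works in and the check runs on a file-change event rather than on demand; a hit is a signal to isolate the host, not a full verdict, since a legitimate archiver or encryption tool rewriting a canary would trip it as well.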
Those behind the ransomware are spreading it via methods such as spam email, brute-force attacks, hacked websites, repacked installers, drive-by downloads and fake updates. Infections have so far been detected primarily in the U.S. and Western Europe.
McAfee doesn’t say outright where the ransomware may have originated, but Anatova has been designed not to infect computers in certain countries, in particular members of the Commonwealth of Independent States — former Soviet countries — as well as Syria, Egypt, Morocco, Iraq and India.
“It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors might be originating from one of these countries,” the researchers noted. “In this case, it was surprising to see the other countries being mentioned. We do not have a clear hypothesis on why these countries, in particular, are excluded.”
Products from various other security vendors, as well as McAfee’s, can detect it. That said, there is so far no known decryption tool for those already infected.
Image: Christiaan Colen/Wikimedia Commons