BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Anubis Ransomware Emerges With Rare Dual File Wipe and Encrypt Mode

Anubis Ransomware Emerges With File-Wiping “Wipe Mode” and Aggressive RaaS Affiliate Program

  • An emerging Ransomware named Anubis has a destructive feature that can both encrypt and permanently erase victims’ files.
  • Anubis targets organizations in sectors like healthcare, hospitality, and construction across the U.S., Canada, Peru, and Australia.
  • This ransomware supports a flexible affiliate program with negotiable revenue splits up to 80% for affiliates.
  • Attackers use phishing emails to gain access, escalate privileges, and can wipe files beyond recovery, increasing pressure on victims.
  • The discovery follows reports of new infrastructure linked to the FIN7 group using fake software updates to deliver Malware.

A new form of ransomware dubbed Anubis has surfaced, featuring the ability to encrypt files and also permanently destroy them if a ransom is not paid. Anubis became active in December 2024 and has since targeted organizations in sectors such as healthcare, hospitality, and construction in the United States, Canada, Peru, and Australia.

- Advertisement -

Researchers from Trend Micro say the ransomware includes a special "wipe mode" that erases files completely, making recovery impossible even if victims attempt to pay the ransom. "The ransomware features a ‘wipe mode,’ which permanently erases files, rendering recovery impossible even if the ransom is paid," according to Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and Sophia Nilette Robles in a recent report.

Anubis operates as a ransomware-as-a-service (RaaS). It runs an affiliate program with negotiable revenue splits, allowing affiliates to take as much as 80% of the ransom paid by victims. Alternative schemes for data extortion and access sales offer 60-40 and 50-50 splits, respectively. The researchers explain that Anubis affiliates use phishing emails to gain initial access, escalate user privileges, delete backup copies (called volume shadow copies), and then encrypt or wipe files. When in "wipe mode," file contents are destroyed, reducing their size to zero while leaving file names and extensions intact.

“The ransomware includes a wiper feature using /WIPEMODE parameter, which can permanently delete the contents of a file, preventing any recovery attempt,” Trend Micro noted. This dual-threat capability is considered rare and increases the likelihood of victims paying.

It is important to note that this Anubis ransomware has no connection to an Android banking trojan or to the FIN7 hacking group, which uses the same name for other malware.

- Advertisement -

In related developments, threat intelligence firm Recorded Future reported new infrastructure associated with FIN7, some of which pretends to be legitimate software products to spread the NetSupport RAT remote access tool. Distribution methods have included fake browser update pages and bogus download sites for software like 7-Zip.

Currently, only fake 7-Zip pages were found to be active as of April 2025, according to Recorded Future’s Insikt Group.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

7 Best NFT Marketplaces for Every Need

Open Sea | Pianity | Foundation | Magic Eden | SuperRare | Rarible | Theta Drop | Other Platforms | About NFTs | FAQ...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading