Beware! New ransomware disguised as a game

Anatova is targeting consumers at scale across the globe.

Update: 2019-01-23 11:10 GMT
The WannaCry ransomware attack infected thousands of computers worldwide and crippled parts of Britain's National Health Service in May. (Photo: File/Representational)

McAfee researchers today announced the discovery of a new ransomware family, “Anatova”, that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and uses the icon of a game or application to trick users into downloading it.

Christiaan Beek, Lead Scientist & Principal Engineer at McAfee, said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also difficult to analyze, such as Anatova, is more difficult to create from scratch. Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created.”

Key findings:

Brand-new code shows the actors behind this ransomware family aren’t your average hackers, but experienced bad actors

The ransomware has shown the ability to morph quickly, adding new evasion tactics and spreading mechanisms

Includes functions that are not often seen in ransomware families. Where similarities with other families are observed, however, the functions are the same as those used by the most destructive ransomware families, such as GandCrab

Once downloaded, the malware quickly encrypts all or many files on an infected system and demands a ransom in cryptocurrency to unlock them: 10 DASH, currently valued at around $700 USD

McAfee’s researchers believe this new ransomware could become a serious threat because the code is prepared for modular extension, meaning that new functionalities can easily be added. The malware is written by skilled authors who have embedded enough functionality to ensure that typical methods of overcoming ransomware will be ineffective: for instance, data can’t be restored without payment and a generic decryption tool cannot be created.
