Anubis Ransomware Uses File Wiper in Attacks

The Anubis ransomware-as-a-service (RaaS) operation has emerged with a dual-threat model that combines traditional data encryption with a file-wiping feature activated via a '/WIPEMODE' command, making recovery impossible even if a ransom is paid. Trend Micro researchers report that Anubis amplifies extortion pressure by sabotaging victims' recovery efforts post-encryption. The group targets sectors such as construction, engineering, and healthcare across several countries, gaining initial access primarily through spear phishing and employing advanced privilege escalation and file discovery techniques. Analysts note that Anubis's affiliate model enables rapid expansion and sophisticated monetization among cybercriminals. Security experts advise organizations to maintain offline and immutable backups to defend against such destructive ransomware. This escalation reflects the broader trend of ransomware actors adopting more destructive and innovative strategies.