Anatova game tricks users into downloading ransomware

The Anatova ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.

[Image: Anatova ransomware detections]

McAfee researchers today announced the discovery of a new ransomware family, “Anatova,” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.

Creating a quick and fast piece of ransomware is fairly easy

Beek, Lead Scientist & Principal Engineer at McAfee, said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also difficult to analyze, such as Anatova, is more difficult to create from scratch. Anatova has the potential to become very dangerous with its modular architecture, which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to clean up damage will be ineffective; for instance, data can’t be restored without payment and a generic decryption-tool cannot be created.”

This is a screenshot example:

[Image: Anatova ransomware screenshot]

Here are the highlights:

  • Brand-new code shows the actors behind this ransomware family aren’t your average hackers, but experienced bad actors
  • Has shown the ability to morph quickly, adding new evasion tactics and spreading mechanisms
  • Includes functions that are not often seen in ransomware families. Where similarities are observed, however, the functions are the same as those used by the most destructive families, such as GandCrab
  • Once downloaded, the malware quickly encrypts all or many files on an infected system and demands a ransom in cryptocurrency to unlock them: 10 DASH, currently valued at around $700 USD

McAfee’s researchers reported this new ransomware could become a serious threat since the code is prepared for modular extension – this means that new functionalities can easily be added.

The malware is written by skilled authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created.

You simply have to step your users through new-school security awareness training to inoculate them against attacks like this. Keeping families safe at the house is just as important, so here is a free Children’s Interactive Cybersecurity Activity Kit.

Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/heads-up-new-ransomware-disguised-as-a-game.-warn-your-users. Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.