Anubis Ransomware Threatens Global Sectors with New Destructive Tactics and Lucrative Affiliate Programs

June 16, 2025
  • The malware modifies file icons and attempts to change desktop wallpapers, further branding its presence on infected systems to instill fear in victims.

  • To protect against ransomware threats like Anubis, users are advised to avoid downloading unverified attachments, implement web filtering, and limit administrative privileges.

  • Over the past year, multiple distribution methods for Anubis have been identified, including fake browser updates and bogus download sites that deliver the malware through custom loaders.

  • The emergence of Anubis ransomware marks a significant evolution in cyber threats, combining dual ransomware capabilities with extensive affiliate programs to maximize revenue within the cybercriminal ecosystem.

  • Launched in December 2024, Anubis operates on a ransomware-as-a-service (RaaS) model and gained traction in early 2025 with a flexible affiliate program that allows partners to earn a share of ransom proceeds.

  • Affiliates can receive up to 80% of the ransom paid, with additional monetization strategies offering splits of 60-40 and 50-50 for data extortion and initial access brokers, respectively.

  • A new wiper module has been introduced, which irreversibly destroys files by reducing them to 0 KB while preserving filenames and directory structures, complicating recovery efforts even after ransom payment.

  • The wiper is activated through the command-line parameter '/WIPEMODE'; it prevents recovery attempts and is designed to intensify pressure on victims to pay the ransom quickly.

  • Despite currently listing only eight victims on its extortion page, Anubis's destructive tactics significantly undermine victims' recovery efforts and negotiation capabilities.

  • Attacks typically begin with phishing emails containing malicious links or attachments, followed by privilege escalation and deletion of volume shadow copies before file encryption or wiping occurs.

  • Anubis has targeted various sectors, including healthcare and construction, across countries such as Australia, Canada, Peru, and the United States, showcasing its global reach.

  • The FBI has warned of a surge in ransomware attacks, noting an increase in both the frequency of attacks and the ransom amounts demanded.

Summary based on 6 sources
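
The wiper behaviour and the '/WIPEMODE' parameter described above translate into two defender-side checks, shown here as an added example that is not code from the source reporting: matching process command lines, and flagging directories where most files are 0 bytes while names remain intact. The `vssadmin delete shadows` pattern, the thresholds, the function names and all sample data are assumptions constructed for illustration.

```python
import os
import re
import tempfile

CMDLINE_RULES = {
    # '/WIPEMODE' is the parameter named in the summary above.
    "wipe_mode_flag": re.compile(r"(?<!\S)/WIPEMODE\b", re.IGNORECASE),
    # Assumption: a generic shadow-copy deletion command, not from the summary.
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
}

def match_cmdlines(cmdlines):
    """Return (rule_name, command_line) for every rule a command line hits."""
    return [(name, line) for line in cmdlines
            for name, rx in CMDLINE_RULES.items() if rx.search(line)]

def zeroed_directories(root, min_files=5, threshold=0.8):
    """Return {dir: (zero_byte_files, total_files)} where most files are 0 bytes."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        sizes = []
        for name in files:
            try:
                sizes.append(os.path.getsize(os.path.join(dirpath, name)))
            except OSError:
                continue  # file vanished or is unreadable; skip it
        zero = sizes.count(0)
        if len(sizes) >= min_files and zero / len(sizes) >= threshold:
            hits[dirpath] = (zero, len(sizes))
    return hits

def build_sample_tree(root):
    """Constructed sample: one healthy directory, one with zeroed files."""
    for sub, size in (("healthy", 64), ("wiped", 0)):
        os.makedirs(os.path.join(root, sub))
        for i in range(6):
            with open(os.path.join(root, sub, f"doc{i}.txt"), "wb") as fh:
                fh.write(b"x" * size)

SAMPLE_CMDLINES = [  # constructed sample data, not real telemetry
    r"C:\Windows\System32\notepad.exe report.txt",
    r"C:\Users\Public\sample.exe /WIPEMODE",
    r"vssadmin.exe delete shadows /all /quiet",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(match_cmdlines(SAMPLE_CMDLINES), zeroed_directories(tmp))
```

The `min_files` and `threshold` parameters exist because a few empty files in a directory are normal; only a directory that is mostly zeroed is flagged.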

