VERY IMPORTANT

Anubis is a new ransomware-as-a-service (RaaS) group that combines file encryption with file destruction capabilities. Active since December 2024, it features a 'wipe mode' that permanently erases files, making recovery impossible even if ransom is paid. The group operates a flexible affiliate program, offering negotiable revenue splits and supporting additional monetization paths like data extortion and access sales. Anubis has claimed victims in multiple sectors including healthcare and construction, across regions such as Australia, Canada, Peru, and the U.S. The ransomware uses spear-phishing for initial access, employs command-line execution, privilege escalation, and shadow copy deletion. Its encryption algorithm is similar to EvilByte/Prince ransomware, using Elliptic Curve Integrated Encryption Scheme (ECIES).