Anubis RaaS Adds Wiper Tool to Permanently Erase Data
A newly emerged ransomware-as-a-service offering known as Anubis RaaS adds wiper functionality, making attacks more destructive by permanently deleting victim data. Active since December 2024, the ransomware encrypts files and—if its “wipe mode” is enabled—erases contents irreversibly, leaving behind empty 0 KB files. The malware campaign has targeted organizations across sectors such as healthcare and construction.
Anubis RaaS adds wiper capabilities to its existing encryption tools, combining data destruction with a multi-layered extortion model. It spreads via phishing emails, escalates privileges, and avoids detection. It uses ECIES encryption, similar to EvilByte and Prince ransomware families. Victims face double extortion, with threats of both data loss and leaks. Anubis modifies file icons, sets a custom wallpaper, and appends a “.anubis” extension to encrypted files.
The group promotes its flexible affiliate program on cybercrime forums and offers multiple monetization paths. Trend Micro published indicators of compromise linked to the threat.