McAfee uncovers Anatova ransomware

McAfee researchers have uncovered a new, highly sophisticated strain of ransomware that is targeting consumers worldwide and is able to neuter traditional methods of combatting ransomware.

McAfee has warned that it believes the newly discovered Anatova ransomware has the potential to become a serious threat as a result of its design.

Anatova was initially discovered in a private peer-to-peer filesharing network, targeting consumers by using the icon of a game or application to trick the user into downloading it.

Analysis shows that the malware has been designed to be highly modular, allowing new evasion tactics and spreading mechanisms to be added quickly. It also includes functions which are not typically seen in ransomware families, and is more sophisticated than many common ransomware variants.

Once it infects a victim’s computer, the ransomware demands a cryptocurrency ransom to unlock it in the form of 10 DASH coins, which is currently valued at around US$700 ($977.90).

McAfee Lead Scientist and Principle Engineer Christiaan Beek said the company’s analysis indicates that Anatova has been written by skilled software developers.

“Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also difficult to analyse, such as Anatova, is more difficult to create from scratch,” he said.

“Anatova has the potential to become very dangerous with its modular architecture, which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption tool cannot be created.”

Image courtesy McAfee.

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.