In May 2017, a ransomware called WannaCry stormed the web and caused huge damage, perhaps the biggest ever reported in the history of the internet. With that in mind, we created a blog post on ransomware threats and the best strategies to protect your system.
Today, the latest threat to the online community is a new ransomware named Anatova, discovered by McAfee. The security firm says the ransomware disguises itself as a free game or a software package to entice users into running it. It has hit users largely within the United States; however, it has also been spotted in Belgium, Germany, France, the UK, and other European countries. McAfee claims that a new algorithm is behind this ransomware and its extension capabilities. It also suggests that seasoned malware developers are behind it, and it appears to have first emerged on Jan 1.
The new Anatova ransomware family was discovered in a private peer-to-peer (p2p) network, and McAfee believes it will become a significant threat because its code is prepared for extension. The research company notes that the prime goal of Anatova is to encrypt all the files before requesting payment from the victim.
The ransomware disguises itself with the logo or icon of an application or a popular game to fool users and encourage them to download it. Once a user downloads Anatova, it starts to encrypt all or many files on the host's system and then demands payment to unlock them. “The mastermind (developers) behind this Anatova malware demanded a ransom payment in cryptocurrency of 10 Dash (around $700 USD), quite a high amount compared to other ransomware families,” the company says.
In addition, McAfee says that Anatova creates RSA keys using a crypto API, and these keys are used to encrypt all strings. This function is the same as in other ransomware families, such as “GandCrab” or “Crysis”. The keys are generated per user and per execution. Anatova then writes a ransom note that includes the e-mail address and the payment method.
“Anatova has the potential to become very dangerous with its modular architecture, which means that new functionalities can easily be added. The malware is written by experienced authors who have embedded enough functionalities to ensure that typical methods to overcome ransomware are ineffective,” McAfee’s head scientist Christiaan Beek told ZDNet.
The report states that Anatova can terminate itself when it identifies that the victim (host PC) is in a member state of the “Commonwealth of Independent States”, which consists of former Soviet countries including Russia. It also will not infect systems in Syria, Egypt, Morocco, Iraq, and India.
“It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors of Anatova ransomware might be originating from one of these countries,” said senior malware analyst Mr. Alexandre Mundo (advanced threat research team at McAfee).
We are safe for now, but we recommend that all Internet users stay cautious and not download any unofficial games or apps. Your safety is in your hands.