Inside money, markets, and big tech

Watch out for this new cryptocurrency ransomware stalking the web

Anatova is apparently more advanced than Ryuk

Researchers have discovered “Anatova,” a brand new family of cryptocurrency-fuelled ransomware, and they warn it has the potential to become outright dangerous.

Cybersecurity firm McAfee explained Anatova hides in seemingly innocuous icon files – usually the same popular games or applications – in order to fool the user into downloading the malware.

Once run, it automatically requests admin rights and begins encrypting as many files as possible, as quickly as possible. Anatova then demands a ransom from the victim.

In this case, the hackers want payment in fledgling cryptocurrency DASH – currently worth around $700.

Analysts also revealed they had detected over 100 instances of the Anatova running in the US already. Belgium, Germany, and France are also hosting a sizable number of infections.

Data courtesy of McAfee Labs

“Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added,” McAfee’s lead scientist Christiaan Beek told Hard Fork.

While hackers demanding DASH ransoms may be less common than ransoms in Bitcoin or Monero, it isn’t exactly unprecedented.

In fact, the GandCrab ransomware family, first discovered in early 2018, was reportedly the first of its kind to demand DASH payments.

“The main reason [Anatova is] using DASH is that it has implemented a number of privacy enhancing protocols that make tracing transactions difficult,” Christiaan added.

Anatova ransomware is more sophisticated than Ryuk

Not that long ago, Hard Fork reported on a malware threat sweeping the internet known as Ryuk. At the time, estimates suggested it had collected more than $3.7 million in Bitcoin ransoms in just five months.

Ominously, McAfee’s researchers believe the hackers responsible for Anatova’s creation are more skilled than Ryuk‘s creators.

“Anatova has, in our opinion, a more advanced design than Ryuk,” said Christiaan. “Specifically, in the way it tries to make analysis difficult and the way the actors try to avoid the creation of a decryption-tool, but also in the way it is designed to encrypt fast – only files below 1MB are encrypted.”

Anatova ransomware note courtesy of McAfee Labs

Unlike Ryuk, which hackers derived from source-code available for sale on underground markets, Christiaan believes Anatova was designed by someone with coding expertise.

“The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created,” he noted.

If all this makes you a bit nervous, here is a handy guide on how to best protect yourself against these kinds of ransomware threats, because you’re worth it.

Published January 23, 2019 — 16:58 UTC