Meet Anatova: New Ransomware Encrypts Files, Demands DASH


Cybersecurity researchers say Anatova, a new ransomware that demands DASH, is spreading and could become dangerous.

The last couple of years have seen a marked increase in ransomware. Local governments, hospitals, businesses, and even individuals have been affected by this form of malware, which locks up critical files and then demands a ransom in some form of cryptocurrency. Now analysts at McAfee say a new ransomware is on the rise and that it could become even more dangerous.

Meet Anatova

The new type of malware is named Anatova, and cybersecurity experts say it is spreading. Once the malware is downloaded, it requests administrator rights and then begins encrypting files as fast as it possibly can. Encryption is fast because it targets only files that are 1MB or smaller.

The Anatova ransomware demands to be paid in DASH.

Once the encryption is complete, a ransom of 10 DASH is demanded. (DASH is currently trading for $74.10.) Analysts surmise that the ransomware uses DASH because it has some privacy protocols that make tracing the transaction more difficult.

The creators of Anatova also rely on deception, luring people into downloading the malware by giving it the same icon as popular games and apps.

Sophisticated and Potential for Growth

Anatova follows on the heels of the outbreak of another ransomware, Ryuk. However, researchers say the developers of Anatova are more skilled than those who created Ryuk. Christiaan Beek, lead scientist for McAfee, told Hard Fork:

Anatova has, in our opinion, a more advanced design than Ryuk. Specifically, in the way it tries to make analysis difficult and the way the actors try to avoid the creation of a decryption-tool, but also in the way it is designed to encrypt fast – only files below 1MB are encrypted.

The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created.

He then added:

Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added.

Commonwealth of Independent States

So far, Anatova has shown up mainly in the United States, with just over 100 infections noted. Belgium, Germany, and France are the next most popular destinations. However, Anatova specifically excludes a number of countries from being infected. The most notable are the CIS countries (Commonwealth of Independent States), an exclusion the McAfee researchers point out is fairly common, as such malware often originates from that region. Yet Anatova also excludes Syria, Egypt, Morocco, Iraq, and India. McAfee has no idea why those countries were excluded from infection.

Overall, it pays to be cautious. Exercise common sense and be sure of what you’re downloading. Don’t fall prey to phishing scams, back up your files regularly, and get rid of unnecessary programs and extensions.


Images courtesy of Wikimedia Commons, DASH, and Pixabay.

