There’s a new ransomware family on the block that’s targeting gamers. Discovered by US computer security software company McAfee and dubbed ‘Anatova’, the malware imitates the icon of a game or application to fool consumers into downloading it.
Once it is downloaded, affected users will have their files encrypted and be told to pay up in cryptocurrency to regain access to them.
The hackers are asking for 10 DASH, which is currently valued at around $700 or £540. McAfee notes this is “quite high” compared to other ransomware families.
McAfee researchers discovered the new strain of ransomware earlier this month on a peer-to-peer file sharing network, but only recently made their research public.
Who’s behind Anatova?
The type of code used suggests that the people behind Anatova are experienced threat actors.
“Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how,” said Christiaan Beek, lead scientist & principal engineer at McAfee.
“Ransomware packed with functionality that is also difficult to analyse, such as Anatova, is more difficult to create from scratch.”
Anatova has functions not often seen in ransomware families, but it does share similarities with some of the most destructive ransomware families, such as GandCrab.
According to McAfee, Anatova could prove to be a big threat because of its modular nature, which means it can be updated to include new functions that make it harder to combat.
“Anatova has the potential to become very dangerous with its modular architecture, which means that new functionalities can easily be added,” explained Beek.
“The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created.”
According to McAfee, Anatova has been discovered all around the world, with most incidents occurring in the US.
However, Syria, Egypt, Morocco, Iraq, India and the Commonwealth of Independent States, which includes Russia, Ukraine and Azerbaijan, remain unaffected.
If the infected device is connected to network shares, Anatova will also encrypt files on these shares.
The full technical details about the Anatova virus can be found here.