Unlike traditional ransomware operations focused solely on encryption, Anubis offers three distinct extortion options with varying profit-sharing models, significantly diversifying their attack methodology and potential victim impact. The third and most innovative approach, “accesses monetization,” assists threat actors in extracting ransoms from victims they’ve already compromised, offering affiliates 50% of collected funds. Secureworks Counter Threat Unit (CTU) researchers identified that Anubis, another emerging threat, first appeared on underground forums in late February 2025 with a different approach to affiliate recruitment. In November 2023, the GOLD BLAZER threat group reported an ALPHV (BlackCat) compromise to the U.S. Securities and Exchange Commission after a victim refused payment, demonstrating the growing sophistication of pressure tactics in the ransomware ecosystem. Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability in the ever-evolving cybercrime landscape. These new affiliate models demonstrate how threat actors adapt their business practices to maintain profitability as victims become more resistant to paying ransoms, potentially leading to more sophisticated and persistent attack campaigns. Most notably, Anubis threatens to report non-compliant victims to regulatory authorities including the UK Information Commissioner’s Office, U.S. Department of Health and Human Services, and the European Data Protection Board. The second option, termed “data ransom,” focuses exclusively on data theft without encryption, providing affiliates with 60% of payments. Should victims refuse to pay, Anubis escalates pressure through multiple channels, including publishing victim names via X (formerly Twitter) and notifying customers. Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025. The group recently rebranded itself as a “cartel” and announced a shift to a distributed model allowing affiliates to create their own customized “brands” while leveraging DragonForce’s infrastructure. The first follows the traditional RaaS model involving file encryption, offering affiliates 80% of ransom payments. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Anubis distinguishes itself with three distinct operational modes designed to appeal to different types of affiliates. The “data ransom” methodology involves publishing detailed “investigative articles” about victims’ sensitive data on password-protected Tor websites. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 26 Apr 2025 13:35:12 +0000