Delaware, USA – January 23, 2019 – Security researchers at McAfee Labs announced the discovery of ransomware activity targeting users mainly in the United States and Western Europe. The ransomware was named Anatova, after the name of the ransom message. Anatova is a 64-bit application with a compile date of January 1, 2019; it is spread using multiple techniques and was first discovered in a private p2p network. After execution, the malware downloads additional DLLs, scans the Windows system for files with predetermined extensions, encrypts them, and demands a ransom in cryptocurrency to unlock the files: 10 DASH, worth about $700 today. McAfee researchers believe that Anatova could become a serious threat, as it has strong protection against static analysis and additional modules that are inactive in version 1.0.
The malware examines which system language was initially set on the computer and shuts down so as not to claim victims in Syria, Egypt, Morocco, Iraq, India and the countries of the former Soviet Union, which could mean that the Anatova authors come from there. Despite experts’ forecasts that cryptocurrency miners would push ransomware out of business, fresh ransomware families continue to appear on the world stage. Spot such infections in your infrastructure as early as possible with the Ransomware Hunter rule pack, which provides detection and automatic alerting covering the full threat life cycle by natively integrating with your SIEM: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight