
McAfee researchers report they've found a new type of ransomware. The ransomware is aimed at consumers worldwide and has been given the name Anatova, based on the name found in the ransomware. Anatova has also been spotted in the Netherlands and Belgium.

Anatova was found in a private peer-to-peer network and focuses on consumers. According to the researchers, the code shows that the malware in question was not developed by ordinary hackers, but by experienced developers. "We believe that Anatova can become a serious threat, as the code is prepared for modular expansion," according to McAfee's researchers.

Modular malware

According to the researchers, Anatova can easily be adjusted. This means that if the malware is detected, it can be modified to prevent it from being found again. Like so many other forms of ransomware, once it is on a device, Anatova encrypts files and demands a payment. At the moment it asks for 10 Dash, a cryptocurrency that is worth 68 dollars apiece. The total amount of ransom to be paid is just $680.

According to 2-Spyware, Anatova makes certain changes to Windows in order to get extensive access to the software. It then searches for certain file types, including .jpg, .doc, .mp3, .avi, .pdf and many others. The data is then encrypted with a strong algorithm that renders it unusable.

Excluded countries

The people behind the ransomware have so far been able to spread it widely and use all kinds of methods to do so: not only spam mails, but also brute-force attacks, hacked websites, installers, downloads and fake updates. The ransomware has so far been detected most often in the United States, followed by Belgium. In the Netherlands, there are far fewer detections compared to those countries.

Strikingly enough, Anatova has been developed specifically to prevent computers from being infected in certain countries. These are former Soviet countries, but also Syria, Egypt, Morocco, Iraq and India. According to McAfee researchers, this is often an indication that one of the developers comes from there. But in this case it is surprising to see other countries as well. We have no clear hypothesis as to why these countries are specifically excluded.

There is currently no tool for decrypting the encrypted files.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.