The release of new ransomware is nothing new. All pose a threat to users and their computer systems. A new version released, however, recently seems to be targeting those who download games and software.
Anatova is a new version that emerged on 1st January. The code behind this new virus is thought to have been created by experienced developers.
Not only does it have the ability to adapt quickly, but there is also strong encryption. Anatova uses a pair of RSA keys, locking users out. RSA keys are used successfully by other ransomware like GandCrab.
Security researchers at McAfee have warned that it has the potential to become a serious threat. Christiaan Beek, lead scientist and principal engineer at McAfee, said it’s functionalities make typical methods to overcome ransomware ineffective.
Beek also warned that it’s modular architecture means new functionality can be easily added.
Anatova uses by peer-to-peer networking and masquerades as free downloads of games and software. This tempts unsuspecting users to download it to their computers.
The Ransomware then creates a pair of RSA keys using the crypto API. These random keys used to encrypt the target system and deploy the ransomware.
Once the user’s computer is infected, Anatova sends a ransom note. This demand is for payment in cryptocurrency of 10 Dash (around $700). It also provides a cryptocurrency wallet to make the payment and then directs the user to email the hackers to release the computer.
The people behind Anatova is not known, but it terminates itself if downloaded by anyone in the Commonwealth of Independent States. These states include Russia and other former Soviet Union countries.
The ransomware has also been refusing to infect systems in Syria, Egypt and Iraq.
Senior malware analyst at McAfee, Alexandre Mundo notes it’s normal for originating countries to be excluded from infection. However, it is surprising to see additional countries also being immune.