The Akira ransomware has introduced a new wiper module that enhances its effectiveness by permanently deleting file contents even when the ransom is paid. Identified through Trend Micro's research, the module requires key-based activation and is designed to disrupt recovery efforts after encryption. Victims can still see file names but lose access to the data itself, marking a significant evolution in ransomware tactics. The Anubis variant employs advanced encryption schemes while also implementing measures to avoid total system lockout, highlighting its strategic design and dangerous potential for cybercriminal activity.
The wiper function is activated via the command-line parameter '/WIPEMODE' with key-based authentication. When activated, the wiper deletes all file contents and reduces files to 0 KB, but the file names and folder structures remain intact. Victims can still see their files, but the contents are permanently lost.
Trend Micro discovered the new module in recent Anubis samples. The software is designed to thwart recovery operations even after the initial encryption, the security company explains. Trend Micro sees this extra destructive nature as a competitive advantage.
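The behaviour described above (a `/WIPEMODE` switch on the command line, then files that keep their names but shrink to 0 KB) gives defenders two signals to hunt for. The following is an added example, not code from Trend Micro or from the article: the event and inventory formats, the thresholds, and all sample data are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# '/WIPEMODE' is the switch named in the article. Case-insensitive matching is an
# assumption; the article does not describe how the sample parses its arguments.
WIPE_FLAG = re.compile(r"(?<!\S)/WIPEMODE\b", re.IGNORECASE)

def wipemode_commands(proc_events):
    """Return process-creation events whose command line carries the wiper switch."""
    return [e for e in proc_events if WIPE_FLAG.search(e["cmdline"])]

def truncated_dirs(before, after, min_files=3, ratio=0.8):
    """Compare two {path: size} inventories and return directories where most
    previously non-empty files still exist under the same name but are now 0 bytes.
    min_files and ratio are illustrative thresholds, not values from the article."""
    stats = defaultdict(lambda: [0, 0])  # directory -> [had content, now zero bytes]
    for path, old_size in before.items():
        if old_size == 0:
            continue  # already empty before the incident: not evidence of wiping
        counts = stats[ntpath.dirname(path)]
        counts[0] += 1
        if after.get(path) == 0:  # name kept, contents gone (deleted files give None)
            counts[1] += 1
    return sorted(d for d, (total, zeroed) in stats.items()
                  if total >= min_files and zeroed / total >= ratio)

# Constructed sample data (not taken from a real incident).
EVENTS = [
    {"pid": 4312, "cmdline": r"C:\Users\Public\sample.exe /WIPEMODE PLACEHOLDER_KEY"},
    {"pid": 5120, "cmdline": r"C:\Tools\backup.exe /MODE full D:\Finance"},
]
BEFORE = {
    r"D:\Finance\q1.xlsx": 48211, r"D:\Finance\q2.xlsx": 51002,
    r"D:\Finance\notes.txt": 904, r"D:\Finance\empty.log": 0,
    r"D:\Tools\a.exe": 1000, r"D:\Tools\b.dll": 2000, r"D:\Tools\c.cfg": 30,
}
AFTER = {
    r"D:\Finance\q1.xlsx": 0, r"D:\Finance\q2.xlsx": 0,
    r"D:\Finance\notes.txt": 0, r"D:\Finance\empty.log": 0,
    r"D:\Tools\a.exe": 1000, r"D:\Tools\b.dll": 2000, r"D:\Tools\c.cfg": 0,
}

if __name__ == "__main__":
    print("Suspicious processes:", [e["pid"] for e in wipemode_commands(EVENTS)])
    print("Directories with mass truncation:", truncated_dirs(BEFORE, AFTER))
```

Because the wiper leaves names and folder structure intact, a check that only looks for missing files would not fire; comparing sizes per path against a known-good inventory is what surfaces the damage.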