Anatova ransomware which was discovered recently is being touted by security researchers as more advanced than the Ryuk ransomware which had hit in August last year.
The ransomware was first detected and reported by McAfee researchers who believe it can become a serious threat considering the code of the ransomware is built for module extension, i.e. new features can be added to the
Anatova was detected by the McAfree security researches in a private P2P file sharing network which usually is used for sharing cracked games and software among other more legitimate uses.
So far the problems seems to be largely affecting the USA and parts of Europe.
Anatova tries to encrypt as much as possible
Anatova fools the user into clicking on the executable by replacing and mimicking the icon of a game or application and asks for admin rights, once granted it quickly tries to encrypt as many files as possible on the PC as well as check the network for any shared drives or folders and encrypt them too.
Once the files are encrypted it asks the user to send 10 DASH cryptocurrency (approx $700) to a particular address to get the decryption software.
It also deletes the default volume shadow copies to ensure you can’t do a recovery.
Unique and sophisticated
One of the things that makes Anatova unique is that it is asking for the ransom in DASH instead of the typical Bitcoin or Monero.
This according to the researcher is due to the fact that DASH recently implemented several privacy enhancing protocols making it difficult to trace the transactions.
But Anatova is also incredibly sophisticated in the way it tries to evade analysis and detection which suggests that the ransomware wasn’t built on source code available for sale on the
