Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
February 26, 2025 By Kevin Townsend
Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
The group emerged as recently as late 2024, although the researchers believe that its members have experience in ransomware, both malware and operations. Information on Anubis comes from an analysis of the group’s dark web footprint rather than code analysis of the ransomware.
As with most ransomware groups today, Anubis uses double extortion. The researchers suggest that “Anubis appears to be an emerging threat, highlighting different business models employed by modern extortion actors.”
Kela bases its blog report on two Anubis actors that it is tracking on the dark web and on X. One, known as ‘superSonic’, advertised new affiliate programs on the RAMP cybercrime forum on February 23, 2025. These programs include Anubis Ransomware, Anubis Data Ransom, and Access Monetization.