The Internet is a boon to mankind, but it has its own perils. Cybercrimes are on the rise and hackers are constantly looking out for potential victims for monetary gain. One of the most common and dangerous cyber-attacks involves ransomware, which holds internet users' precious data hostage for a quick payoff. In one such instance, Anatova ransomware is being touted as the next big threat to users.
McAfee, a renowned cybersecurity firm, discovered Anatova and the methods it uses to deploy a ransomware attack on unsuspecting users. The malicious software disguises itself as free games and software so that people will download it, and it then uses evasive techniques to deploy an attack and bypass popular methods used to detect ransomware.
"Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective," Christiaan Beek, a lead scientist and principal engineer at McAfee, wrote in an official blog.
Anatova ransomware is targeting internet users across the globe, and attacks have been reported in the US, Belgium, Germany, France, the UK and other European countries. In what seemed suspicious to the security researchers, countries like Syria, Iraq and former Soviet Union countries were immune to the attack, which hints at the likely origin of this ransomware. Experts haven't been able to identify the brains behind Anatova.
According to McAfee, the Anatova ransomware has been designed to affect users based on the language of the operating system. If it detects a language from a blacklisted country, a list that in this case also extends to India and Morocco, the malware won't deploy an attack.
What happens when Anatova attacks?
Once Anatova successfully launches its attack on the victim's computer, it locks access to the system and personal files, making it difficult for any anti-malware software to function. Once all files are under lockdown, the ransomware demands 10 Dash, which is a form of cryptocurrency. The ransom, equivalent to $700, is to be transferred to a cryptocurrency wallet address.
The hackers behind Anatova claim to provide decryption keys to the files when the demand is met. Until then, the following message is displayed on the victim's computer: "Dont try to f*ck us, in this case you NEVER will recover your files. Nothing personal, only business."
What should you do?
Clearly, experts do not advise paying the ransom, as trusting the hackers' ethics is questionable. But users must always back up important files using an external drive, which leaves hackers with little to use as leverage.
It's better to be safe than sorry.