BTC $94104.9134
ETH $1804.3392
XRP $2.1742
BNB $600.3934
SOL $147.4903
DOGE $0.1804
ADA $0.7000
TRX $0.2508
stETH $1801.6960
WBTC $94044.8264
SUI $3.6153
LINK $14.5595
AVAX $22.2712
XLM $0.2846
USDS $0.9990
LEO $9.0298
TON $3.2943
HBAR $0.1890
wstETH $2164.8672
BCH $353.7589
LTC $85.4248
DOT $4.1434
HYPE $17.5272
BGB $4.3894
BSC-USD $1.0010
WETH $1803.7249
BTCB $94140.0561
USDE $0.9993
XMR $229.2168
weETH $1922.8829
PI $0.6363
WBT $29.3727
PEPE $0.0000
APT $5.5134
DAI $1.0002
UNI $5.7339
OKB $52.6072
NEAR $2.5693
TAO $351.2344
ONDO $0.9632
TRUMP $14.6405
GT $22.3071
ICP $5.1324
CBBTC $94046.0005
CRO $0.0918
KAS $0.0994
AAVE $169.2324
BTC $94104.9134
ETH $1804.3392
XRP $2.1742
BNB $600.3934
SOL $147.4903
DOGE $0.1804
ADA $0.7000
TRX $0.2508
stETH $1801.6960
WBTC $94044.8264
SUI $3.6153
LINK $14.5595
AVAX $22.2712
XLM $0.2846
USDS $0.9990
LEO $9.0298
TON $3.2943
HBAR $0.1890
wstETH $2164.8672
BCH $353.7589
LTC $85.4248
DOT $4.1434
HYPE $17.5272
BGB $4.3894
BSC-USD $1.0010
WETH $1803.7249
BTCB $94140.0561
USDE $0.9993
XMR $229.2168
weETH $1922.8829
PI $0.6363
WBT $29.3727
PEPE $0.0000
APT $5.5134
DAI $1.0002
UNI $5.7339
OKB $52.6072
NEAR $2.5693
TAO $351.2344
ONDO $0.9632
TRUMP $14.6405
GT $22.3071
ICP $5.1324
CBBTC $94046.0005
CRO $0.0918
KAS $0.0994
AAVE $169.2324
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The Evolution of Data Ransom: A New Threat to Corporate Security

    In the ever-changing landscape of cybersecurity threats, a new and increasingly alarming business model has emerged on the dark web. Anubis, an affiliate program discovered by F6’s Threat Intelligence team, represents a significant shift in how cybercriminals are monetizing their hacks. Unlike traditional ransomware attacks that demand payment for the decryption of locked data, Anubis offers something new and even more sinister: "Data Ransom." This innovative blackmail scheme targets companies by exploiting sensitive data, without immediately using ransomware encryption. Instead, Anubis separates the process of stealing data from the ransom negotiation itself, creating a dangerous new weapon for cybercriminals.

    The Birth of Anubis: A New Affiliate Program

    Anubis operates under the familiar Ransomware as a Service (RaaS) model, where cybercriminals (referred to as partners) can rent malware for a share of the ransom proceeds. However, Anubis diverges from traditional ransomware programs by introducing a unique business model. The initial offering within Anubis mirrors standard RaaS schemes: partners are given a specially crafted encryption tool that they can deploy to lock victims' files and demand a ransom. This is the typical ransomware business model that has plagued organizations globally for years.

    But it’s Anubis’ second offering, the "Data Ransom" service, that is causing alarm in the cybersecurity community.

    Data Ransom: The New Blackmail Service

    The Data Ransom model takes a different approach. Instead of relying on encryption to hold a company’s data hostage, cybercriminals who have already infiltrated a company’s network and stolen sensitive information can pass that data to Anubis. The program then facilitates negotiations for a ransom with the targeted company. This separation of the hacking and blackmail stages provides new opportunities for cybercriminals and adds an extra layer of complexity for victims.

    The key feature of the Data Ransom model is the arsenal of pressure tactics that Anubis offers to its partners. Rather than immediately demanding money for data decryption, the Anubis program allows hackers to apply considerable pressure on the victim organization by leveraging the stolen data. These tactics include:

    • Notifying the company's business partners
    • Informing customers
    • Alerting regulatory authorities about the breach
    • Disclosing the data on social media platforms

    By creating a system where the negotiation and extortion of victims are outsourced to Anubis, hackers can continue their operations with fewer risks and greater profits.

    The Economic Structure of Anubis

    The financial model behind Anubis follows the well-established practices of RaaS programs, where the malware developers take a cut of the ransom payments. In the traditional RaaS model, the partner who uses the malware to launch an attack receives the lion’s share of the ransom—usually around 80%. The remaining 20% goes to the creator of the ransomware.

    In Anubis’ Data Ransom model, the financial split is slightly different. Here, the partner who provides the access to the target company receives 60% of the ransom, while Anubis retains 40%. This change reflects the added value of having a dedicated team handling the ransom negotiations and the leverage of using stolen data as a bargaining tool.

    However, there are significant restrictions placed on partners. For instance, the program explicitly prohibits attacks against:

    • Countries that were once part of the Commonwealth of Independent States (CIS)
    • The BRICS nations (Brazil, Russia, India, China, and South Africa)

    This restriction, while rare in other blackmail programs, indicates that the Anubis operators are trying to avoid targeting politically sensitive regions or nations with advanced cybersecurity capabilities.

    The Evolution of Anubis: A Link to InvaderX

    F6 analysts believe that Anubis may be the next evolution of the InvaderX partner program, another dark web service that had operated under a similar RaaS model. Several clues suggest a connection between the two programs, including the use of the same encryption algorithm: ECIES (Elliptic Curve Integrated Encryption Scheme). This encryption method is relatively rare in ransomware attacks, and its use in both programs suggests that Anubis could be a rebranded or upgraded version of InvaderX.

    Another similarity is the prohibition against targeting BRICS nations, which is an uncommon feature in most dark web affiliate programs. Moreover, the InvaderX program had ceased activity in late 2024, while the Anubis program only emerged in early 2025, with a new user—known as superSonic—registering on the forums and introducing Anubis as its flagship offering.

    The fact that participants in the Anubis program have already begun to leak data from at least four companies in the U.S., Australia, and Peru is a concerning development. These leaks, which occurred shortly after the program's launch, highlight the real-world implications of Anubis' existence and its potential for widespread damage.

    Anubis and the Changing Landscape of Cybersecurity

    The introduction of Data Ransom represents a chilling evolution in the world of cybercrime. Traditional ransomware attacks have been devastating for organizations, with cybercriminals demanding hefty sums for the return of encrypted data. However, with Data Ransom, the extortion is not tied to the release of encrypted files, but to the threat of exposing sensitive data to the public and various stakeholders.

    This shift in the cybercriminal ecosystem poses significant challenges for cybersecurity professionals and companies alike. With the growing sophistication of ransomware and data extortion schemes like Anubis, it is becoming increasingly difficult for organizations to defend against these threats. Not only must they safeguard their networks from initial breaches, but they must also develop comprehensive response strategies for managing the fallout if and when their data is stolen and exposed.

    As organizations grapple with these evolving threats, it is crucial to stay informed about the latest developments in cybercrime and bolster defenses against these emerging tactics. This includes:

    • Implementing strong cybersecurity measures
    • Conducting regular security audits
    • Educating employees about phishing and social engineering attacks
    • Preparing incident response plans for potential data breaches

    Conclusion: The Need for Vigilance and Adaptability

    Anubis represents a new breed of cybercrime that combines the traditional ransomware model with new, more complex tactics. By outsourcing the ransom negotiation process and leveraging stolen data, Anubis offers cybercriminals a more flexible and potentially more profitable approach to extortion. Organizations must be aware of these developments and remain vigilant in defending against these evolving threats.

    As the cybercrime landscape continues to shift, only those who adapt and strengthen their defenses will be able to safeguard their data and their reputation in an increasingly hostile digital world.

     

    The Digital Evolution of Organized Crime: How Technology Shapes a New Criminal Empire
    “Allow Access?”: How Zoom Became the Front Door for Crypto Theft

    Comments 0

    Add comment