New Ransomware Masquerading as Apps and Games: Potential Serious Threat

A new form of ransomware is disguising itself as apps and games to trick people into downloading and launching it on their devices. Since January 1, 2019, cybercriminals have been using this dangerous ransomware, known as Anatova, to hold victims’ files for ransom. It has been found worldwide, with the largest number of victims in the United States.

How Anatova Works and Why It Is So Dangerous

Anatova typically masquerades as the icon of an app or game to trick people into downloading it. During installation, it requests administrative rights. After the ransomware makes sure it is on a legitimate computer, it encrypts the files on the machine. It also encrypts the files on any network shares connected to the device. Once all the files are encrypted, the victim is presented with a ransom note asking for 10 Dash. Dash is a type of cryptocurrency — 10 Dash is worth around $700 [USD] at the time of this writing. Victims are allowed to decrypt one JPG file for free as proof that the files can and will be decrypted if they pay the ransom.

While Anatova sounds like many other ransomware programs, security experts are warning that it is a serious threat. One reason why Anatova is so dangerous is that uses a variety of methods to prevent detection. For example, it uses dynamic calls that have been designed to not raise suspicion. Similarly, it uses techniques to deter analysis, such as memory cleaning functions.

Even more troubling is that cybercriminals can easily add new functionality to Anatova because of its modular architecture. Thus, they can quickly adapt Anatova to make it more effective. For instance, they might add new techniques to evade detection or new spreading mechanisms. The latter is of particular concern. Currently, Anatova has only been found on private peer-to-peer networks, but researchers believe it could be spread other ways in the future. It is being identified as a serious potential threat.

How to Protect Your Business

To avoid having your business become a victim of Anatova or another ransomware variant, you need to educate employees about ransomware. Topics to cover include:

• What ransomware is and how cybercriminals commonly spread it. Besides covering how Anatova is being distributed through downloads, it is important to cover how ransomware can be spread through other methods, such as phishing emails.
• Warn employees about the dangers of downloading and opening executables (e.g., apps, games) and files (e.g., PDF files) from peer-to-peer networks and the Internet. This is a good time to discuss your company’s policy regarding when employees are permitted to download executables and files and the sources where employees are allowed to get them.
• Tell employees about other dangerous practices that can lead to a ransomware infection, such as clicking links and opening attachments in emails, especially if the emails are from unknown senders.
• Stress the importance of avoiding any content flagged as a potential security threat by security software or web browsers, as it might contain malicious code.

Besides educating employees, you need to take other measures, including:

• Making sure your security software is current version on every computer in your business
• Regularly updating the apps installed on your computers so that known security vulnerabilities are patched
• Making sure you have trusted restorable backups of your data in case a ransomware attack occurs

Please let us know if you would like to continue the conversation. We are at your service.  Simply contact your PC Corp Account Manager or email us at info@pccorp.com.

Image by Gerd Altman by Pixabay