The cybersecurity landscape has seen a significant escalation in ransomware activity, with six new ransomware and extortion groups establishing data-leak sites (DLSs) in the first two months of 2025.
According to Cyjax, these groups include Kraken, Morpheus, GD LockerSec, Babuk2, Linkc, and the newly identified Anubis.
The latter operates as a sophisticated Ransomware-as-a-Service (RaaS) platform, offering affiliates tools for data ransom and monetization of unauthorized access.
Anubis: A Rising Threat
Anubis has quickly gained attention due to its professional operations and global victimology.
As of February 25, 2025, its DLS lists four victims across the United States, Peru, and Australia.
Notable victims include First Defense Fire Protection (FDFP), which has confirmed a data breach, and Summit Home Health, INC.
The leaked data encompasses sensitive information such as personal identification details, financial records, and internal corporate documents.
The group’s operations are highly targeted. Anubis avoids attacking entities in ex-USSR and BRICS countries, as well as sectors such as education, government, and non-profits.
Instead, it focuses on high-value targets in regions such as the United States, Europe, Canada, and Australia.
Its DLS is well-structured with sections for victim blogs, news updates, FAQs, and operational rules.
Additionally, the group uses cybercriminal forums and social media platforms like X (formerly Twitter) to advertise leaks and recruit affiliates.
Operational Tactics and Partnerships
Anubis exemplifies the evolving nature of ransomware groups by combining extortion tactics with affiliate programs.
Its ransomware binary boasts advanced features such as cross-platform capabilities, high-speed encryption using ChaCha and ECIES algorithms, privilege escalation mechanisms, and anti-defense systems.
According to the report, affiliates can partner with Anubis under revenue-sharing models that range from 50-50 for initial access monetization to 60-40 for data ransom operations.
Moreover, Anubis leverages its partnerships to expand its reach.
Its cybercriminal forum accounts have been active since late 2024 and were previously used to sell “fullz” (complete personal information sets).
These accounts now promote its DLS services and ransomware tools. The group also maintains an active presence on X to publicize breaches.
The emergence of new ransomware groups underscores the growing threat posed by organized cybercriminal enterprises.
Anubis’ rapid rise demonstrates how ransomware operators are refining their methods to maximize impact while minimizing detection risks.
With one confirmed victim acknowledging a breach and others potentially remaining silent due to reputational concerns, organizations must bolster their defenses against such sophisticated threats.
As ransomware groups like Anubis continue to evolve their strategies and expand their operations globally, cybersecurity professionals face mounting challenges in safeguarding sensitive data and preventing extortion attempts.