The newly identified "Anubis" ransomware group combines double extortion tactics with RaaS and affiliate models to strike critical industries.
"Anubis" appears to be targeting critical sectors, with victims spanning healthcare and construction. Companies hit include Australia's Pound Road Medical Centre, Canada’s Summit Home Health, Peru’s Comercializadora S&E, and most recently, a U.S.-based engineering firm.
KELA researchers have traced Anubis's activity back to late 2024.
Researchers have identified Anubis operatives on RAMP and XSS, posting under names like 'supersonic' and 'Anubis_ _ media.' The use of Russian in their messages points to a possible regional affiliation.
KELA researchers suspect that Anubis is being run by ex-affiliates of established ransomware groups or cybercriminals with a track record in data extortion, based on the group's own statements and victim reports.
