Anatova ransomware: A new type of ransomware is disguised as an app or game, tricking victims into thinking they are installing something completely harmless on their computer.
Anatova ransomware first appeared on 1 January, and the code it contains suggests that its developers are very experienced.
It can change quickly, since new stealth tactics and new propagation mechanisms can easily be added. Anatova ransomware comes equipped with very strong encryption, using two RSA keys to lock its victims' files.
Given these capabilities and the way the malware is developed, the security researchers at McAfee who discovered the ransomware warn that Anatova is the work of skilled developers and is a very serious threat.
"Anatova has the potential to become very dangerous with its modular architecture, which means that new features can be easily added. The malware has been written by experienced developers who have several built-in features to make sure that standard ransomware protection methods can be overcome and are ineffective," said Christiaan Beek, McAfee's head of research.
The largest number of victims to date are in the US, Belgium, Germany, France, the United Kingdom and other European countries.
Anatova is disguised as a free game or piece of software in order to lure unsuspecting users into downloading and installing the ransomware. Researchers say, however, that it could be spread in many different ways in the future.
Once installed on a system, the malware creates two RSA keys using a crypto API that will encrypt all the strings, before creating the random keys used to encrypt the victim's system.
Those who get infected with Anatova will also see the ransom note, which demands about 700 dollars to decrypt the files.
The note gives a wallet address for payment in cryptocurrencies, and states somewhat ironically "nothing personal, only business".
One last thing to mention is that Anatova ransomware does not infect systems in Russia, Syria, Egypt, Morocco, Iraq and India.