ANUBIZ LOCKER is ransomware that encrypts files on an infected computer and withholds the decryption key until the victim pays a ransom. Files encrypted by ANUBIZ LOCKER have a .lom extension appended to the original file name (report.docx becomes report.docx.lom). ANUBIZ LOCKER is delivered as a Win32 EXE and has been observed under the following file and process name: e_win.e
Once running, ANUBIZ LOCKER displays a ransom note informing the user that their files have been encrypted and demanding payment for decryption. The note directs the victim to a web page that shows the ransom amount and lets them select a payment method. The note claims the files will be released once payment is made; paying does not remove the malware from the system (the operators may demand a second payment for that), and decryption after payment is never guaranteed. Treat the .lom extension, the ransom note and the e_win.e file name as indicators for detection and triage rather than as a route to recovery.
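The indicators above (the appended .lom extension, and the removable-media Autorun path described under Capabilities) can be checked with a small triage scan. The script below is an added example written for this page; it is not code from the original page and not ANUBIZ LOCKER itself. It walks a directory tree, reports .lom files whose content actually looks encrypted (a Shannon-entropy check, so a merely renamed text file is not flagged), recovers the pre-encryption file name by stripping the appended extension, and parses any autorun.inf for keys that would launch a program on insertion. The entropy threshold of 7.0 bits per byte, the 64 KiB read window and the sample tree it builds are assumptions for illustration; the sample uses the e_win.e name the page lists.

```python
"""Added example, not code from the original page or from ANUBIZ LOCKER itself:
triage a directory tree for two indicators described on this page:
  1. files with the ".lom" extension, confirmed by a Shannon-entropy check so
     only content that actually looks encrypted is reported;
  2. autorun.inf files whose [autorun] section launches something on insertion
     (the Replication Through Removable Media path).
The threshold, read window and sample tree are assumptions for illustration."""
import math
import os
import tempfile
from collections import Counter

RANSOM_EXT = ".lom"
ENTROPY_THRESHOLD = 7.0   # assumption: ciphertext sits near 8.0 bits/byte, documents well below
HEAD_BYTES = 65536        # only read the start of large files


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_autorun(text: str) -> dict:
    """Return the [autorun] keys that execute something: open=, shellexecute=
    and shell\\<verb>\\command=. Other keys (icon=, label=, action=) are ignored.
    The parser is deliberately lenient: real autorun.inf files are often
    hand-written, mixed-case and malformed."""
    section = None
    launches = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            launches[key] = value
    return launches


def triage(root: str) -> dict:
    """Walk root and return {'encrypted': [(path, original_name, entropy)],
    'autorun': [(path, launches)]}. Name matching is case-insensitive."""
    result = {"encrypted": [], "autorun": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == "autorun.inf":
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    launches = parse_autorun(fh.read())
                if launches:
                    result["autorun"].append((path, launches))
            elif lower.endswith(RANSOM_EXT):
                with open(path, "rb") as fh:
                    ent = shannon_entropy(fh.read(HEAD_BYTES))
                if ent >= ENTROPY_THRESHOLD:
                    # the extension is appended, so stripping it recovers the original name
                    result["encrypted"].append((path, name[: -len(RANSOM_EXT)], round(ent, 2)))
    return result


def build_sample_tree() -> str:
    """Constructed sample (not real malware output) in a temp dir: one random .lom
    file standing in for ciphertext, one .lom file that is only text, an untouched
    document, and an autorun.inf that would launch the file name the page lists."""
    root = tempfile.mkdtemp(prefix="lom-triage-")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    with open(os.path.join(docs, "report.docx.lom"), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(docs, "notes.txt.lom"), "wb") as fh:
        fh.write(b"meeting notes, nothing encrypted here\n" * 100)
    with open(os.path.join(docs, "budget.xlsx"), "wb") as fh:
        fh.write(b"plain document content\n" * 50)
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
        fh.write("[AutoRun]\nopen=e_win.e\nicon=e_win.e,0\naction=Open folder to view files\n")
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    for path, original, ent in report["encrypted"]:
        print(f"encrypted: {path} (was {original}, entropy {ent})")
    for path, launches in report["autorun"]:
        print(f"autorun launcher: {path} -> {launches}")
```

Run it against a mounted evidence image or a suspect USB stick by passing that path to `triage()` instead of the sample tree. The entropy check matters on real hosts: a ransomware that fails part-way through, or a user who renamed a file, leaves .lom names on unencrypted content, and the recovered original names tell you which files a backup must cover.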
What is Ransomware?
Ransomware is a form of malware that encrypts a victim's files and holds them hostage until the victim pays a ransom to the malware authors. Typically, the victim is shown instructions for how to pay the ransom. If the victim does not pay, the victim's files remain encrypted and may be deleted.
How Does Ransomware Spread?
Ransomware is typically distributed through social engineering, spam and phishing campaigns. Attackers also deliver ransomware by exploiting vulnerabilities in exposed or unpatched software, by compromising a legitimate website so that it serves the payload, or through drive-by downloads from a malicious website.
ANUBIZ LOCKER Ransomware Capabilities
ANUBIZ LOCKER ransomware uses Replication Through Removable Media, a technique that serves both Initial Access and Lateral Movement. It may reach other systems, including those on disconnected or air-gapped networks, by copying itself to removable media and relying on Autorun to execute the copy when the media is inserted. For Lateral Movement this may involve modifying executables already stored on the media, or copying the malware onto it under a legitimate-looking name so that a user runs it on another system. For Initial Access this may involve manual manipulation of the media, tampering with the systems used to format it, or modifying the media's firmware. Note that current Windows versions do not honor autorun.inf on USB mass-storage devices by default, so this path depends on legacy or misconfigured hosts, or on a user opening the file by hand.
ANUBIZ LOCKER ransomware may use keylogging to capture user keystrokes, including passwords. It may also enumerate open application windows to learn how the system is used and to give context to the captured keystrokes. ANUBIZ LOCKER ransomware uses File and Directory Discovery to enumerate files and directories and search for specific content; the results shape its follow-on behavior, including which files to encrypt and whether to proceed with a full infection of the target.
Mitigations Against ANUBIZ LOCKER Ransomware
There are a few ways to mitigate ANUBIZ LOCKER ransomware attacks. One is to use Yama to restrict ptrace, and another is to deploy security kernel modules that provide mandatory access control and process restrictions. Both are Linux kernel mechanisms (Yama, SELinux, AppArmor) and do not apply to a Win32 EXE; on Windows hosts the equivalent controls are application allow-listing, least-privilege accounts and endpoint protection.
The mitigation that actually addresses the removable-media path is to disable Autorun and AutoPlay through policy, and to disallow or restrict removable media at an organizational level where business operations permit.
How to Remove Ransomware?
There are a few ways to remove ransomware from your computer. One is to restore from backups taken before the infection; remove the ransomware with antivirus software first, otherwise the restored files are encrypted again.
Ransomware can also be removed manually, but this is not recommended for most people because it is error-prone. If you decide to remove ransomware manually, do so safely (for example from an offline recovery environment) to avoid putting your computer at further risk.
How to Protect Against Ransomware?
There are several ways to protect yourself from ransomware. Learn the tactics cybercriminals use so you can recognize them, keep your operating system, applications and web browser up to date, and run a reliable antivirus product.
Routinely back up your computer and keep the backups in a separate location that the infected machine cannot reach, such as offline or immutable storage.
General guidelines to protect against ransomware:
- Use reliable antivirus software.
- Don't open suspicious links or email attachments.
- Use strong, unique passwords.
- Install updates and patches for the operating system and all software promptly.
- Teach your employees how to spot and avoid phishing attacks.
- Keep offline or immutable backups and test that they restore.