New Cryptocurrency Ransomware Could ‘Become Very Dangerous’, Researchers Warn

A newly discovered cryptocurrency ransomware strain called “Anatova” has the potential to “become very dangerous,” according to cybersecurity experts who revealed the strain is more advanced than others that have in the past launched successful campaigns.

Anatova, according to cybersecurity firm McAfee, hides in common files, usually those of popular games or applications, to fool potential victims. Once downloaded, it asks the victim for admin rights, and then proceeds to encrypt as many files as it can in a short amount of time, to then demand a Dash ransom.

As first reported by The Next Web, researchers have detected over 100 instances of Anatova in the US already, with various countries in Europe also being significantly affected.

Known cases of Anatova by region

Speaking to the news outlet Christiaan Beek, McAfee’s lead scientist, revealed Anatova has “the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added.”

Specifically, Anatova is reportedly more sophisticated than Ryuk, a malware strain that is estimated to have collected over $3.7 million in bitcoin ransoms over a five-month period. The researchers believe the team behind Anatova is better than that of Ryuk, as it has a “more advanced design” that “tries to make analysis difficult.”

Per Christiaan, those behind Anatova “have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective.” This, by making sure data cannot be restored without the payment being made, and stopping generic decryption tools from being working on it.

Notably, Anatova is using Dash instead of other cryptocurrencies. While it isn’t the first ransomware strain to demand Dash instead of Bitcoin or Monero, demanding the privacy-centric cryptocurrency is uncommon.

Per Christiaan, there’s a reason:

The main reason [Antova is] using DASH is that it has implemented a number of privacy enhancing protocols that make tracing transactions difficult.

As The Next Web pointed out, the GandCrab ransomware family, first discovered early last year, was reportedly the first to demand Dash payments.