Anubis Ransomware Emerges as a New Threat to Critical Industrial Sectors

A newly identified ransomware group, Anubis, is employing a mix of double extortion tactics, ransomware-as-a-service (RaaS), and affiliate partnerships to target organizations in critical industrial sectors for maximum leverage and financial gain.

Key Targets and Activity

Since at least Q4 2024, Anubis has been actively compromising businesses across various industries. Notable victims include:

• Pound Road Medical Centre (Australia) – Healthcare
• Summit Home Health (Canada) – Healthcare
• Comercializadora S&E Perú – Engineering & Construction
• A U.S.-based engineering & construction firm (recently added to the victim list)

These incidents suggest Anubis is strategically selecting industries where downtime can have severe consequences, increasing pressure for ransom payments.

Origins and Operations

Cybersecurity firm KELA has linked Anubis to threat actors on underground forums like RAMP and XSS, where they operate under aliases such as "supersonic" and "Anubis__media."

• Communications and posts from Anubis are written in Russian, pointing to a possible Eastern European or Russian-speaking origin.
• The group may include former affiliates of other ransomware gangs, based on their established knowledge of data extortion and ransomware operations.

With its aggressive tactics and focus on high-stakes industries, Anubis is quickly positioning itself as a formidable player in the ransomware ecosystem, demanding heightened vigilance from targeted sectors.