Ransomware Surge in 2025: The Rise of Anubis and Other Cyber Extortion Groups

The Growing Cybersecurity Crisis

The cybersecurity landscape in 2025 is witnessing a surge in ransomware and extortion attacks. In just the first two months of the year, six new ransomware groups have emerged, each establishing data-leak sites (DLSs) to publicize stolen information and pressure victims into paying ransoms.

Among these groups, Anubis has stood out due to its sophisticated Ransomware-as-a-Service (RaaS) model, offering cybercriminals a structured platform to conduct extortion. The other notable groups include Kraken, Morpheus, GD LockerSec, Babuk2, and Linkc—each contributing to the escalating threat landscape.

Anubis: A Rising Power in Cybercrime

Anubis has rapidly gained notoriety for its organized and professional approach. As of February 25, 2025, its data-leak site lists four confirmed victims, spanning the United States, Peru, and Australia. Notably, First Defense Fire Protection (FDFP) and Summit Home Health, INC. have confirmed breaches, with leaked data including personal information, financial records, and corporate documents.

Unlike many ransomware groups, Anubis follows a selective attack strategy. It avoids targeting organizations in ex-USSR and BRICS countries, as well as sectors like education, government, and non-profits. Instead, its primary focus is on high-value entities in regions such as North America, Europe, Canada, and Australia.

Operational Tactics and Advanced Ransomware Capabilities

Anubis operates with cutting-edge ransomware features, making its attacks highly effective:

  • Cross-platform functionality, enabling infections across multiple operating systems.
  • High-speed encryption, utilizing ChaCha and ECIES algorithms for rapid and secure data encryption.
  • Privilege escalation techniques, allowing the ransomware to bypass security defenses.
  • Anti-defense mechanisms, designed to evade antivirus and endpoint detection tools.

Anubis also leverages cybercriminal forums and social media platforms, such as X (formerly Twitter), to advertise leaks, recruit affiliates, and publicize breaches. Its DLS is well-structured, featuring sections for victim blogs, operational rules, and FAQs, making it a highly organized extortion operation.

Affiliate Model and Revenue Sharing

Like many modern ransomware groups, Anubis operates under an affiliate program that incentivizes cybercriminals through revenue-sharing models:

  • 50-50 split for monetizing initial access to victim systems.
  • 60-40 split for full data ransom operations.

This RaaS approach allows Anubis to expand rapidly, as independent hackers and criminal groups can easily join and launch attacks with minimal effort.

A Growing Cyber Threat

The rise of Anubis and other ransomware groups highlights the increasing sophistication of cybercriminal enterprises. While some organizations disclose breaches, many others remain silent due to reputational risks. As these threats evolve, businesses must reinforce their cybersecurity defenses to prevent devastating financial and data losses.

What Undercode Say: The Deeper Implications of

The emergence of Anubis and other ransomware groups in early 2025 marks a dangerous shift in cybercrime tactics. Here’s what this means for the broader cybersecurity landscape:

1. The Evolution of Ransomware-as-a-Service (RaaS)

The RaaS model is becoming more sophisticated, lowering the barrier for entry into cybercrime. Even low-skilled hackers can now conduct ransomware attacks by simply partnering with an established group like Anubis. This franchising approach makes ransomware operations more scalable and dangerous.

2. Targeted Attacks on High-Value Entities

Unlike traditional ransomware that casts a wide net, Anubis is highly selective. By avoiding government, education, and non-profits, it reduces the likelihood of attracting global law enforcement attention while focusing on profitable businesses. This strategic targeting makes it harder for cybersecurity teams to predict where the next attack will occur.

3. Increasing Use of Public Platforms for Extortion

Anubis and other groups now use X (Twitter), cybercriminal forums, and even Telegram to leak stolen data and pressure victims into paying ransoms. This public shaming strategy can cause severe reputational damage, forcing many companies to pay quietly rather than risk exposure.

4. Advanced Encryption and Evasion Tactics

Anubis’ use of ChaCha and ECIES encryption makes it difficult for even advanced forensic teams to recover data. Additionally, its privilege escalation and anti-defense mechanisms show that ransomware developers are actively working to defeat modern cybersecurity solutions.

5. The Role of Initial Access Brokers (IABs)

Anubis isn’t just encrypting files—it’s also purchasing or partnering with Initial Access Brokers (IABs), who specialize in selling compromised credentials and backdoor access to corporate networks. This synergy between ransomware operators and IABs means that even well-defended organizations can be compromised through stolen credentials.

6. The Hidden Cost of Ransomware Attacks

Beyond ransom payments, companies hit by ransomware face long-term costs:

  • Downtime and operational disruptions lead to revenue losses.
  • Legal and compliance fines for mishandling personal data.
  • Reputational damage that can erode customer trust.
  • Potential lawsuits from affected clients or employees.

7. Law Enforcement Challenges in Tackling RaaS Groups

Despite global efforts, shutting down RaaS operations is extremely difficult because:

  • Many groups operate from jurisdictions with weak cybercrime enforcement.
  • Anubis and similar groups frequently change hosting providers and infrastructure.
  • The use of cryptocurrencies for ransom payments makes transactions harder to trace.

8. Defensive Strategies for Organizations

Businesses and cybersecurity teams must evolve their defenses to counter threats like Anubis:

✅ Implement strong access controls – Use multi-factor authentication (MFA) to prevent credential theft.
✅ Regularly update software and systems – Patch vulnerabilities before attackers exploit them.
✅ Deploy AI-driven threat detection – Identify and mitigate suspicious activity before encryption begins.
✅ Conduct employee cybersecurity training – Phishing remains a primary attack vector.
✅ Develop a robust incident response plan – Know how to react quickly in case of a breach.
✅ Backup critical data offline – Ensure quick recovery without paying a ransom.

Conclusion: The Future of Ransomware

With Anubis and other ransomware groups refining their strategies, the cybersecurity landscape in 2025 will become even more challenging. Companies that fail to adapt their defenses risk falling victim to these increasingly professionalized cybercriminal enterprises.

The best defense is proactive security—anticipating threats before they strike. Organizations must move beyond reactive measures and invest in threat intelligence, employee awareness, and cutting-edge security solutions to stay ahead of the next wave of ransomware attacks.

References:

Reported By: https://cyberpress.org/ransomware-group-data-leak-sites/