There’s a new ransomware family on the block that’s targeting gamers. Discovered by US computer security software company McAfee and dubbed ‘Anatova’, the malware imitates the icon of a game or application to fool consumers into downloading it.

Once it is downloaded, affected users will have their files encrypted and be told to pay up in cryptocurrency to regain access to them.

The hackers are asking for 10 DASH, which is currently valued at around $700 or £540. McAfee notes this is “quite high” compared to other ransomware families.

McAfee researchers discovered the new strain of ransomware earlier this month on a peer-to-peer file sharing network, but only recently made their research public.

Who’s behind Anatova?

The type of code used suggests that the people behind Anatova are experienced threat actors.

“Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how,” said Christiaan Beek, lead scientist & principal engineer at McAfee.

“Ransomware packed with functionality that is also difficult to analyse, such as Anatova, is more difficult to create from scratch.”

Anatova has functions not often seen in ransomware families, but it does share similarities with some of the most destructive families of ransomware, such as GandCrab.

According to McAfee, Anatova could prove to be a big threat because of its modular nature, which means it can be updated to include new functions that make it harder to combat.

“Anatova has the potential to become very dangerous with its modular architecture, which means that new functionalities can easily be added,” explained Beek.

“The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective, for instance data can’t be restored without payment and a generic decryption-tool cannot be created.”

According to McAfee, Anatova has been discovered all around the world, with most incidents occurring in the US.

However, Syria, Egypt, Morocco, Iraq, India and the Commonwealth of Independent States, which includes Russia, Ukraine and Azerbaijan, remain unaffected.

If the infected device is connected to network shares, Anatova will also encrypt files on these shares.

The full technical details about the Anatova virus can be found here.

