Anubis is a ransomware-as-a-service group active since December 2024 that targets healthcare, engineering, construction, and professional services sectors, offering affiliates a flexible revenue split model and an optional destructive "wipe mode" alongside standard encryption.
This group has no curated TTPs. You can generate an AI-ESTIMATED MITRE mapping (unconfirmed) from its description/notes, only on request.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
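/*
    anubis ransomware
*/
rule anubis_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.anubis"
        description = "Detects anubis ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // $name1 (nocase) already matches everything $name2 and $onion match,
        // so with "any of them" the rule fires on any file containing the word
        // "anubis". Treat hits as low-confidence leads that need triage.
        $name1 = "anubis" ascii nocase
        $name2 = "ANUBIS" ascii
        $onion = "anubis.onion" ascii nocase
    condition:
        any of them
}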
[www.jeffreyburr.com]
A small breach, real employee data.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Jeffrey Burr | US | Consumer Services | — | 5 Jun 2026 |
| D&M Contractors | GB | Construction | — | 5 Jun 2026 |
| Singing River Health System | US | Healthcare | — | 3 Jun 2026 |
| Power & Tel | | Telecommunication | — | 1 Jun 2026 |
| EXCEED Energy | | Energy | — | 27 May 2026 |
| Copec S.A. | CL | Energy | — | 14 Jan 2026 |
| Comercializadora S&E Perú | PE | Not Found | — | 25 Feb 2025 |
The addresses of the leak sites (.onion) are known but are neither published nor linked. Only public metadata is shown.
New data breach at a large health system provider.
Data breach exposes ecommerce platforms’ dirty laundry.
Data breach at an international well management specialist.
Data Breach at One of Chile's Leading Companies