Wipe, Leak, Extort: The Crazy Hybrid Playbook Of Anubis Ransomware
Barracuda, July 11,2025
Anubis is a ransomware-as-a-service (RaaS) operation that emerged in December 2024, and quickly distinguished itself by integrating file-wiping capabilities alongside the traditional encryption and data exfiltration.
The group operates multiple affiliate programs with revenue splits ranging from 50% to 80%, and targets multiple sectors in several countries, including Australia, Canada, Peru and the United States.
Anubis' origin story
Anubis is thought to have started its current life under the codename "Sphinx," which was originally observed in late 2024. Samples of Sphinx ransomware were found to have ransom notes that lacked both a TOR site and unique ID, suggesting that either the malware was in development or the operators were new and inexperienced.