RANSOMWARE OPERATION💰 FINANCIAL
anubis
1
aliases
Intelligence Profile
Anubis is a ransomware-as-a-service group active since December 2024 that targets healthcare, engineering, construction, and professional services sectors, offering affiliates a flexible revenue split model and an optional destructive "wipe mode" alongside standard encryption.
Threat Analysis
anubis is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like anubis prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Intelligence Reports Mentioning anubis
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
The Hacker News· Jul 2, 2026
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
Infosecurity Magazine· Jun 15, 2026
9th March – Threat Intelligence Report
Check Point Research· Mar 9, 2026
External References
Quick Facts
TypeRansomware Operation
Motivation💰 financial
Aliases1
Also Known As
anubis
DLS Infrastructure
● ONLINEom6q4a6cyipxvt7ioudxt24cw4oqu4yodmqzl25mqd2hgllymrgu4aqd.onion
● ONLINEanubisyfkh5rixydjpoo3jqucauajz2juybrbtuglcppjj2y3eg3y6ad.onion
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.