Episode

95; Anubis Ransomware

Podcast: Inside Darknet
Published: Nov 22, 2025
Duration: 1464 seconds
Canonical source: https://podcasters.spotify.com/pod/show/insidedarknet/episodes/95-Anubis-Ransomware-e3ba69t
Audio: https://traffic.megaphone.fm/APO1676092333.mp3

Summary

An interview with the Anubis ransomware group, a collective of professional penetration testers turned cybercriminals. The group discusses their business model of providing detailed vulnerability reports alongside data encryption to force corporate compliance.

Topics

  • Ransomware
  • Penetration Testing
  • Cybercrime Business Models
  • Data Exfiltration
  • Supply Chain Attacks
  • Cybersecurity Strategy
  • Digital Extortion

Highlights

  • Main idea: Anubis operates as a specialized group of experienced penetration testers rather than typical opportunistic business operators
  • Business model: The group provides a 'penetration report' alongside encrypted data, framing their extortion as a forced security audit
  • Targeting strategy: They avoid CIS/GUS countries to protect their local ecosystem but aggressively target high-resource entities in the US, Europe, and Australia
  • Failure mode: Companies often suffer secondary breaches through supply chain vulnerabilities even after resolving an initial ransomware incident
  • Practical takeaway: Security must be a core management priority rather than a cost center to prevent becoming a target for professionalized groups

Chapters

  1. 1:00 The Ransomware Scenario: A visualization of a Monday morning IT disaster where all backups are deleted and systems are encrypted.
  2. 11:40 The Anubis Identity: The group distinguishes itself from financial malware trojans, claiming a background in professional penetration testing.
  3. 13:30 Geopolitical Boundaries: Discussion on why the group avoids targeting CIS countries and China to maintain stability in their operational regions.
  4. 15:20 The Infrastructure of Extortion: An explanation of the group's organizational structure, consisting of core operators and a large network of money launderers.
  5. 17:00 Attack Timing and Tactics: Why attackers target weekends and the specific logic behind destroying data versus simply encrypting it.
  6. 18:50 Case Study: Rapid Exfiltration: A breakdown of a successful attack on a US insurance company involving the extraction of 6TB of data in four days.
  7. 22:20 The Necessity of Security: A closing argument on why proactive cybersecurity is a fundamental requirement for modern corporate survival.