# 95: Anubis Ransomware

Page: https://stenobird.com/podcast/inside-darknet-6682885/95-anubis-ransomware
Text version: https://stenobird.com/podcast/inside-darknet-6682885/95-anubis-ransomware.md
Podcast: [Inside Darknet](https://stenobird.com/podcast/inside-darknet-6682885)
Published: 2025-11-22T09:00:00+00:00
Episode link: https://podcasters.spotify.com/pod/show/insidedarknet/episodes/95-Anubis-Ransomware-e3ba69t
Audio file: https://traffic.megaphone.fm/APO1676092333.mp3
Processing state: processed
JSON: https://stenobird.com/v1/public/podcasts/inside-darknet-6682885/episodes/95-anubis-ransomware
Duration seconds: 1464

## Resource

An interview with the Anubis ransomware group, a collective of professional penetration testers turned cybercriminals. The group discusses their business model of providing detailed vulnerability reports alongside data encryption to force corporate compliance.

## Highlights

- Main idea: Anubis operates as a specialized group of experienced penetration testers rather than typical opportunistic business operators
- Business model: The group provides a 'penetration report' alongside encrypted data, framing their extortion as a forced security audit
- Targeting strategy: They avoid CIS/GUS countries to protect their local ecosystem but aggressively target high-resource entities in the US, Europe, and Australia
- Failure mode: Companies often suffer secondary breaches through supply chain vulnerabilities even after resolving an initial ransomware incident
- Practical takeaway: Security must be a core management priority rather than a cost center to prevent becoming a target for professionalized groups

## Topics

Ransomware, Penetration Testing, Cybercrime Business Models, Data Exfiltration, Supply Chain Attacks, Cybersecurity Strategy, Digital Extortion

## Chapters

- 1:00 — The Ransomware Scenario: A visualization of a Monday morning IT disaster where all backups are deleted and systems are encrypted.
- 11:40 — The Anubis Identity: The group distinguishes itself from financial malware trojans, claiming a background in professional penetration testing.
- 13:30 — Geopolitical Boundaries: Discussion on why the group avoids targeting CIS countries and China to maintain stability in their operational regions.
- 15:20 — The Infrastructure of Extortion: An explanation of the group's organizational structure, consisting of core operators and a large network of money launderers.
- 17:00 — Attack Timing and Tactics: Why attackers target weekends and the specific logic behind destroying data versus simply encrypting it.
- 18:50 — Case Study: Rapid Exfiltration: A breakdown of a successful attack on a US insurance company involving the extraction of 6TB of data in four days.
- 22:20 — The Necessity of Security: A closing argument on why proactive cybersecurity is a fundamental requirement for modern corporate survival.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/inside-darknet-6682885/episodes/95-anubis-ransomware/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/inside-darknet-6682885/95-anubis-ransomware.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.