Threat intelligence firm Kela warns of Anubis, a new RaaS ransomware group that emerged in late 2024, with experienced members and a dark web presence. Anubis employs double extortion and offers three affiliate programs: classic ransomware (80% affiliate share, targeting Windows, Linux, NAS, and ESXi), data ransom (monetizing stolen data with a 60/40 split), and access monetization (paying brokers 50% for exclusive access in select regions). The group, tracked via dark web actors like ‘superSonic,’ has listed three victims on its blog, including two healthcare institutions, with a fourth marked ‘Top Secret’ as of February 25, 2025.

‍