Anxz Ransomware - Currently More Wiper Than Ransomware

During our investigation of new submissions, our researchers came across a ransomware program called Anxz. This malicious software, which is based on the Chaos ransomware, functions by encrypting data and demanding payment in exchange for decryption.

To analyze Anxz, we executed a sample of the program on our testing system. As a result, it encrypted various files and modified their filenames by adding a four-character extension. For instance, a file originally named "1.jpg" would be renamed to "1.jpg.p60f," while "2.png" would become "2.png.fcsi." This alteration affected all the targeted files.

After completing the encryption process, Anxz changed the desktop wallpaper and generated a ransom note named "L bozo.txt." The message in the note was incomplete, however. It told the victim that the system had been infected by Anxz ransomware and warned of a 24-hour deadline to comply with the demands; otherwise, the data would be deleted and the computer "destroyed." The victim was instructed to follow the provided instructions to prevent these consequences and recover the files.

Unfortunately, the note did not provide any specific steps, such as payment details or contact information. It is possible that this issue will be addressed in future releases of Anxz.
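The two artifacts described above, a four-character extension appended after the original one and a note named "L bozo.txt", can be checked for in a file listing during triage. The Python script below is an added example, not code from the original article; the extension character set (inferred from "p60f" and "fcsi"), the tracked original extensions, the benign-suffix list and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "l bozo.txt"                 # ransom note name reported in the article
APPENDED = re.compile(r"\.[a-z0-9]{4}")  # assumption: charset inferred from "p60f"/"fcsi"
KNOWN_EXTS = {".jpg", ".png", ".pdf", ".txt", ".docx", ".xlsx"}  # assumption: tune locally
BENIGN = {".part", ".orig", ".temp", ".json"}  # assumption: common harmless 4-char suffixes

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\test\Pictures\1.jpg.p60f",
    r"C:\Users\test\Pictures\2.png.fcsi",
    r"C:\Users\test\Desktop\L bozo.txt",
    r"C:\Users\test\Desktop\notes.txt.a1b2",
    r"C:\Users\test\Downloads\movie.pdf.part",
    r"C:\Users\test\Downloads\setup.exe",
]

def triage(paths):
    """Group paths by directory and grade each directory for Anxz-style artifacts."""
    dirs = defaultdict(lambda: {"renamed": [], "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = dirs[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
            continue
        sfx = [s.lower() for s in p.suffixes]
        # Match <name>.<known ext>.<4 chars>, skipping known harmless suffixes.
        if (len(sfx) >= 2 and sfx[-2] in KNOWN_EXTS
                and APPENDED.fullmatch(sfx[-1]) and sfx[-1] not in BENIGN):
            entry["renamed"].append(p.name)
    for entry in dirs.values():
        # The article's examples show a different suffix per file, so several
        # distinct suffixes in one directory is a stronger signal than one.
        distinct = {PureWindowsPath(n).suffix.lower() for n in entry["renamed"]}
        if len(distinct) >= 2 or (entry["note"] and entry["renamed"]):
            entry["verdict"] = "likely"
        elif entry["note"] or entry["renamed"]:
            entry["verdict"] = "suspect"
        else:
            entry["verdict"] = "clean"
    return dict(dirs)

if __name__ == "__main__":
    for directory, info in triage(SAMPLE).items():
        print(directory, info["verdict"], info["renamed"])
```

A "likely" or "suspect" verdict is a prompt for closer inspection of that directory, not confirmation of infection.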

Anxz Ransom Note Contains No Contact Info

The full text of the truncated Anxz ransom note reads as follows:

Seems like you've been hacked by our group called Anxz 🙂

No need to worry this isnt really a big deal. Just search for 'L bozo.txt' In your computer and follow the instructions to get your files, info and personal photos back from us.

Dont panic now time is ticking. You have 24 hours to do the steps or everything gets deleted and your pc gets destroyed 🙂 Have fun! <3

What Is the Difference Between Wipers and Ransomware?

Wipers and ransomware are two different types of malicious software, each with distinct objectives and functionality:

Wipers: Wipers are a form of destructive malware designed to permanently delete or destroy data on infected systems. The primary goal of wipers is to cause damage and disrupt operations rather than to extort money from victims. Once activated, wipers overwrite or delete critical files, making them irrecoverable. The intention behind wipers is typically to sabotage systems, erase evidence, or carry out acts of cyber warfare.

Ransomware: Ransomware, on the other hand, is a type of malware that encrypts the victim's files, rendering them inaccessible until a ransom is paid to the attackers. The primary objective of ransomware is financial gain through extortion. After infecting a system, ransomware encrypts files using sophisticated algorithms, and a ransom note is displayed, demanding payment in exchange for the decryption key. The attackers hold the victim's data hostage, coercing them to pay the ransom to regain access to their files.

In summary, the main difference between wipers and ransomware lies in their purpose and the actions they take. Wipers focus on causing destructive harm by irreversibly deleting or damaging data, while ransomware aims to encrypt files and demand payment from victims for the decryption key.

June 14, 2023