The Anubis ransomware group is a cybercriminal threat actor that has appeared in multiple forms over recent years, with the most notable incarnation emerging around 2024-2025. Anubis operates as a ransomware-as-a-service (RaaS) group and is known for targeting small to mid-sized organizations, particularly in healthcare, professional services, and manufacturing. The group has gained attention for its aggressive extortion style and rapid evolution of tooling.
Anubis uses double-extortion tactics, stealing sensitive data prior to encryption and threatening public disclosure if victims refuse to pay. In some campaigns, the group has escalated pressure by contacting victims directly or threatening permanent data destruction. Initial access is typically achieved through phishing campaigns, stolen credentials, and exploitation of exposed or unpatched services, followed by the use of built-in Windows tools to move laterally and avoid detection.
Technically, Anubis ransomware uses strong encryption and attempts to disable backups, security software, and recovery mechanisms before execution. Although not as established as long-running ransomware brands, Anubis reflects the continuing trend of fragmentation and rebranding within the ransomware ecosystem, where new groups rapidly emerge to replace or repackage earlier operations while maintaining similar tactics and monetization strategies.
