Ransomware Tracker (Entry #215): Anonymous

ID: 1d006e38-725e-5ace-aa8a-de8ed81f461e

STIX ID: report--1d006e38-725e-5ace-aa8a-de8ed81f461e

Feed Name: WatchGuard Secplicity Blog

Threat Score: 70/100

Date Published: 2025-02-24

Date Updated: 2026-05-01

Author: Ryan Estes

The report analyzes an 'Anonymous' ransomware sample derived from the NoCry/WannaCry builder and likely an early AzzaSec variant. It encrypts files with AES (appending .Anonymous), alters the desktop and shows a ransom modal, and drops an HTML ransom note. The sample shares many indicators with the XRed Backdoor, including domains, hosted payload URLs (Google Drive/Dropbox links and site50.net paths) and actor email addresses. XRed reportedly uses SMTP to exfiltrate system information, which indicates related tooling and an operational risk to affected systems.