Beware of the GandCrab ransomware
It’s not uncommon to see run-of-the-mill ransomware samples pop up these days. Most of the new ones are spinoffs of existing strains and variants of the notorious proof-of-concept code called Hidden Tear. The GandCrab ransomware discovered in late January is a completely different story, though. Not only is it an independently created infection, but it also introduces some novelty to this threat landscape. GandCrab has pioneered in using the Dash cryptocurrency for ransoms, and it is the first one whose Command and Control server is hosted on a top-level domain.
The pest under scrutiny is circulating in several ways. The initial wave of attacks involved two exploit kits, GrandSoft and RIG, which inject and execute the malicious binary when an unsuspecting user visits a hacked site. The main prerequisite to the success of this contamination vector is the presence of unpatched software on a targeted host, where known vulnerabilities get exploited behind the scenes.
A distribution campaign that surfaced somewhat later harnesses botnet-powered spam. The crooks have been sending out thousands of phishing emails that carry booby-trapped attachments on board. These malicious files pretend to be receipts or invoices and, once opened, launch a surreptitious script that deposits the infection onto the computer.
Just like the average ransom Trojan, GandCrab then scours the breached machine for personal data. It peeks inside local drive volumes, network drives, and removable media. Everything found is subject to encryption with RSA, an asymmetric cipher using a public-private key pair. The RSA private key is kept by the attackers who attempt to sell it to the victim along with decryption software at a later stage of the onslaught. The perpetrating program also appends hostage files with the .GDCB string.
The black hats’ demands boil down to a payment of 1.54 Dash, which is worth about 1,200 USD. Doing so is a slippery slope, because the crooks may never provide the necessary recovery details. Therefore, users should first try to restore the data from backup, if any, or use professional recovery software to sort things out.
Comment
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
Why is Planet Earth Considered to be a Prison?
For millennia we seem to be collecting accounts given by many races of non-terrestrial humanoids…See More
How much money makes anyone have a god complex?
Trump makes a meme of himself as Jesus Christ. Soros says he fancied himself a sort of god.In 2004,…See More
"Tragically funny how easily patriotism dissolves when money is involved! "
"Yes and they are at this time allowing Epic City, a muslim wet dream to be constructed near Dallas…"
"Muslim celebration at Grand Prairie water park canceled after Gov. Abbott threatens to pull city…"
"I guess with coming solar flares that sent societies underground before arrives in the near future…"
'Showbiz' Don to Release Xenu Upon the Public
New York Post says the other files will be released Friday. If there ever was a Disclosure from…See More
Jerusalem Syndrome - Israel/Palestine
August 2006For some, visiting Jerusalem brings them a little too close to God. Dozens of tourists develop 'Jerusalem Syndrome', believing they have a messian...
So you Don't Think Communist China is Buying Off the Democrat Party?
California Democrats Just Joined Hands With Communists Funded From ShanghaiPosted on …See More
681373888_994247376374814_9118727954735788138_n
"But Wait Folks... There's even more, even more than more in this ugly situation. A story of…"
© 2026 Created by truth.
Powered by
You need to be a member of 12160 Social Network to add comments!
Join 12160 Social Network