Beware of the GandCrab ransomware
It’s not uncommon to see run-of-the-mill ransomware samples pop up these days. Most of the new ones are spinoffs of existing strains and variants of the notorious proof-of-concept code called Hidden Tear. The GandCrab ransomware discovered in late January is a completely different story, though. Not only is it an independently created infection, but it also introduces some novelty to this threat landscape. GandCrab has pioneered in using the Dash cryptocurrency for ransoms, and it is the first one whose Command and Control server is hosted on a top-level domain.
The pest under scrutiny is circulating in several ways. The initial wave of attacks involved two exploit kits, GrandSoft and RIG, which inject and execute the malicious binary when an unsuspecting user visits a hacked site. The main prerequisite to the success of this contamination vector is the presence of unpatched software on a targeted host, where known vulnerabilities get exploited behind the scenes.
A distribution campaign that surfaced somewhat later harnesses botnet-powered spam. The crooks have been sending out thousands of phishing emails that carry booby-trapped attachments on board. These malicious files pretend to be receipts or invoices and, once opened, launch a surreptitious script that deposits the infection onto the computer.
Just like the average ransom Trojan, GandCrab then scours the breached machine for personal data. It peeks inside local drive volumes, network drives, and removable media. Everything found is subject to encryption with RSA, an asymmetric cipher using a public-private key pair. The RSA private key is kept by the attackers who attempt to sell it to the victim along with decryption software at a later stage of the onslaught. The perpetrating program also appends hostage files with the .GDCB string.
The black hats’ demands boil down to a payment of 1.54 Dash, which is worth about 1,200 USD. Doing so is a slippery slope, because the crooks may never provide the necessary recovery details. Therefore, users should first try to restore the data from backup, if any, or use professional recovery software to sort things out.
Comment
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
"Less Prone excellent points and I've seen that video too. Very informative! "
"Less Prone thanks for your support! "
"Less Prone, you are exactly right! They have been harvesting fetal tissue in vaccines for quite…"
"Less Prone, thank you very much for your input/ I always appreciate your insights! "
"You may be consuming human tissue unknowingly in vaccines, food or drink. One of the cruellest…"
"Democrats pretend to be icons of democracy, but what kind of rule do they have in mind? When they…"
"I got some "proof" for you. An early prehistoric cave painting documented on a runestone."
All In The Family | Mike Meets Archie For The First Time | The Norman Lear Effect
"Television programs have come down a lot in quality since those days. "
In the Political Realm They've Gone One Step Too Far!
I'm Your Host here on a completely new program. We call it One Step Too Far! Join us now for some…See More
© 2026 Created by truth.
Powered by
You need to be a member of 12160 Social Network to add comments!
Join 12160 Social Network