Beware of the GandCrab ransomware

It’s not uncommon to see run-of-the-mill ransomware samples pop up these days. Most of the new ones are spinoffs of existing strains and variants of the notorious proof-of-concept code called Hidden Tear. The GandCrab ransomware discovered in late January is a completely different story, though. Not only is it an independently created infection, but it also introduces some novelty to this threat landscape. GandCrab has pioneered in using the Dash cryptocurrency for ransoms, and it is the first one whose Command and Control server is hosted on a top-level domain.

The pest under scrutiny is circulating in several ways. The initial wave of attacks involved two exploit kits, GrandSoft and RIG, which inject and execute the malicious binary when an unsuspecting user visits a hacked site. The main prerequisite to the success of this contamination vector is the presence of unpatched software on a targeted host, where known vulnerabilities get exploited behind the scenes.

A distribution campaign that surfaced somewhat later harnesses botnet-powered spam. The crooks have been sending out thousands of phishing emails that carry booby-trapped attachments on board. These malicious files pretend to be receipts or invoices and, once opened, launch a surreptitious script that deposits the infection onto the computer.

Just like the average ransom Trojan, GandCrab then scours the breached machine for personal data. It peeks inside local drive volumes, network drives, and removable media. Everything found is subject to encryption with RSA, an asymmetric cipher using a public-private key pair. The RSA private key is kept by the attackers who attempt to sell it to the victim along with decryption software at a later stage of the onslaught. The perpetrating program also appends hostage files with the .GDCB string.

The black hats’ demands boil down to a payment of 1.54 Dash, which is worth about 1,200 USD. Doing so is a slippery slope, because the crooks may never provide the necessary recovery details. Therefore, users should first try to restore the data from backup, if any, or use professional recovery software to sort things out.

Views: 144

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega posted a blog post

What is Area 2 and What Goes on There?

 We have all heard of Area 51 and S-4, along with such terms as Water Town, Papoose Lake,…See More
29 minutes ago
0 Comments
Doc Vega posted a blog post

STRANGE THINGS HAPPENING IN YELLOWSTONE

It’s not the fact that Yellowstone National Park sits atop a super volcano that hasn’t erupted in…See More
yesterday
0 Comments
tjdavis posted a video

Austrian police raid house of man who leaked Israeli ambassador video making genocidal comments

In a new ITV documentary, Breaking Ranks: Inside Israel’s War, former Israeli soldiers describe how Gaza civilians were killed, often without warning, in an ...
yesterday
0 Comments
Burbia posted a video

WARHAMMER 40,000 | 1980's GRIMDARK MOVIE

WARHAMMER 40,000 | 1980's GRIMDARK MOVIEThis is a Concept Movie Trailer made with the help of AI. This video is created purely for fun and out of curiosity a...
yesterday
0 Comments
tjdavis favorited Sandy's discussion Sick sci-fi sex fantasy written by Epstein's first benefactor people say inspired his twisted island... before author's SON ended up arresting him
yesterday
tjdavis favorited Sandy's discussion Sick sci-fi sex fantasy written by Epstein's first benefactor people say inspired his twisted island... before author's SON ended up arresting him
yesterday
tjdavis commented on tjdavis's blog post THE ORIGINS OF THE WORLD ASSOCIATION OF SOCIAL PSYCHIATRY IN LONDON, UK IN 1964
"Tavistock Timing"
yesterday
tjdavis posted a blog post

THE ORIGINS OF THE WORLD ASSOCIATION OF SOCIAL PSYCHIATRY IN LONDON, UK IN 1964

yesterday
1 Comment
Doc Vega posted a blog post

The Ringside View

Down in the streets where the animals meetWhere tear gas flies and people get beatWhere…See More
Wednesday
0 Comments
tjdavis posted videos
Thumbnail
Thumbnail
Thumbnail
1 more…
Wednesday
tjdavis posted blog posts
Tuesday
Doc Vega posted a blog post

Is America on the brink of a Dire Emergency

 You might know if you have remained informed that America has been under asymmetric warfare for…See More
Nov 15
0 Comments
tjdavis favorited Burbia's video
Thumbnail

CHARLIE KIRK WAS CNP! JOSH REEVES 9-11-25

Nov 13
tjdavis posted videos
Thumbnail
Thumbnail
Nov 13
rlionhearted_3 commented on Sandy's photo
Thumbnail

FB_IMG_1762715632283

Nov 11
cheeki kea posted a photo
Thumbnail

wartime rations

Nov 11
0 Comments
cheeki kea favorited tjdavis's blog post Propaganda,Cognitive Warfare Europes Self Destruction
Nov 11
cheeki kea commented on tjdavis's photo
Thumbnail

Sustenance

"Bacon health to the nation for one and all and stealth for operations elsewhere in the war. Yip a…"
Nov 11
Doc Vega posted a blog post

The Consequence of Loneliness: Another Missing Person Case

Chapter I“Unit 7, Unit 7. Do you read? This is dispatch!”“This is Unit 7, over!” Deputy Patterson…See More
Nov 10
0 Comments
Cora is now a member of 12160 Social Network
Nov 10
Welcome Them!

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted