Beware of the GandCrab ransomware
It’s not uncommon to see run-of-the-mill ransomware samples pop up these days. Most of the new ones are spinoffs of existing strains and variants of the notorious proof-of-concept code called Hidden Tear. The GandCrab ransomware discovered in late January is a completely different story, though. Not only is it an independently created infection, but it also introduces some novelty to this threat landscape. GandCrab has pioneered in using the Dash cryptocurrency for ransoms, and it is the first one whose Command and Control server is hosted on a top-level domain.
The pest under scrutiny is circulating in several ways. The initial wave of attacks involved two exploit kits, GrandSoft and RIG, which inject and execute the malicious binary when an unsuspecting user visits a hacked site. The main prerequisite to the success of this contamination vector is the presence of unpatched software on a targeted host, where known vulnerabilities get exploited behind the scenes.
A distribution campaign that surfaced somewhat later harnesses botnet-powered spam. The crooks have been sending out thousands of phishing emails that carry booby-trapped attachments on board. These malicious files pretend to be receipts or invoices and, once opened, launch a surreptitious script that deposits the infection onto the computer.
Just like the average ransom Trojan, GandCrab then scours the breached machine for personal data. It peeks inside local drive volumes, network drives, and removable media. Everything found is subject to encryption with RSA, an asymmetric cipher using a public-private key pair. The RSA private key is kept by the attackers who attempt to sell it to the victim along with decryption software at a later stage of the onslaught. The perpetrating program also appends hostage files with the .GDCB string.
The black hats’ demands boil down to a payment of 1.54 Dash, which is worth about 1,200 USD. Doing so is a slippery slope, because the crooks may never provide the necessary recovery details. Therefore, users should first try to restore the data from backup, if any, or use professional recovery software to sort things out.
Comment
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
Dan Bilzerian believes Palestinians are real Semites and he explained why
#danbilzerian #shorts #israel #palestine #gaza #british #piersmorgan #politics #uk
Where I've Been
Your mouth is moving but your eyes can’t lieLong ago you were compromisedRelying heavily on your…See More
The Escape
The dreamland comes as I close my eyesTake me from the forbidden lands that I despiseWhere all…See More
FB_IMG_1775463256193
"ahh yes but one must be well practised in the art of double think for such occasions as these…"
You’ve Heard of Champ, right? This Aint it!
CHAMP, you might be thinking of is a legendary cryptid supposedly existing in the waters of Lake…See More
Truth or Fiction? You Figure it Out
Working for the federal government, specifically, the Pentagon. I was, what you might call a…See More
GOLDSPHINCTER - Donald J Trump is Acrid Goldsphincter (James Bond Music Parody)
In this James Bond parody, Donald J Trump is Acrid Goldsphincter in our version of the classic Bond "Goldfinger" theme song. All voices and singing performed...
How Long does Destabilization Take?
How long does it take to topple a society targeted by the left? What ingredients go into this toxic…See More
© 2026 Created by truth.
Powered by
You need to be a member of 12160 Social Network to add comments!
Join 12160 Social Network