Beware of the GandCrab ransomware
It’s not uncommon to see run-of-the-mill ransomware samples pop up these days. Most of the new ones are spinoffs of existing strains and variants of the notorious proof-of-concept code called Hidden Tear. The GandCrab ransomware discovered in late January is a completely different story, though. Not only is it an independently created infection, but it also introduces some novelty to this threat landscape. GandCrab has pioneered in using the Dash cryptocurrency for ransoms, and it is the first one whose Command and Control server is hosted on a top-level domain.
The pest under scrutiny is circulating in several ways. The initial wave of attacks involved two exploit kits, GrandSoft and RIG, which inject and execute the malicious binary when an unsuspecting user visits a hacked site. The main prerequisite to the success of this contamination vector is the presence of unpatched software on a targeted host, where known vulnerabilities get exploited behind the scenes.
A distribution campaign that surfaced somewhat later harnesses botnet-powered spam. The crooks have been sending out thousands of phishing emails that carry booby-trapped attachments on board. These malicious files pretend to be receipts or invoices and, once opened, launch a surreptitious script that deposits the infection onto the computer.
Just like the average ransom Trojan, GandCrab then scours the breached machine for personal data. It peeks inside local drive volumes, network drives, and removable media. Everything found is subject to encryption with RSA, an asymmetric cipher using a public-private key pair. The RSA private key is kept by the attackers who attempt to sell it to the victim along with decryption software at a later stage of the onslaught. The perpetrating program also appends hostage files with the .GDCB string.
The black hats’ demands boil down to a payment of 1.54 Dash, which is worth about 1,200 USD. Doing so is a slippery slope, because the crooks may never provide the necessary recovery details. Therefore, users should first try to restore the data from backup, if any, or use professional recovery software to sort things out.
Comment
"Destroying the New World Order"
THANK YOU FOR SUPPORTING THE SITE!
Latest Activity
- Top News
- Everything
"Gordon thanks for your support."
What If origins on Our Planet are Different Than we Think?
For a long time now there has been a theory that would fit into both creationism and the simulated…See More
All Bases Erased, Air Defense Shattered ! Iranian Missiles Massacre U.S. FORCES | Douglas Macgregor
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Same Package - Different Label
This way or that way, we get to the same place. It's time to take another road.
TRIVIA OF THE DAY Kier means “Penis” in Persian
"Nomen est omen. A political dick destroying his own country."
"Wow! The final progressive steps to the government run matrix. Now just fine tuning it. I…"
"That's a great poem it's a good time for writing being national poetry month in America…"
"All good points guys and perhaps in the future we'll see some new freak show of mRNA vax that…"
"SSRI's are poor substute for counciling soldiers back from war suffering from PTSD! "
© 2026 Created by truth.
Powered by
You need to be a member of 12160 Social Network to add comments!
Join 12160 Social Network