New Variant of GandCrab Ransomware Spread via Massive Spam Campaign

Researchers have discovered a massive new spam campaign spreading three new variants of the GandCrab ransomware (version 2.1).

According to researchers at Fortinet, the attackers are using phishing emails to deliver the ransomware.

The malicious emails use subject lines referring to bills, tickets, payments, and receipts. Each carries a ZIP attachment containing a JavaScript file that, when opened, downloads and installs the GandCrab ransomware.

The attached file is named in the format DOC<NUMBERS>.zip, and the same number also appears in the subject line of the phishing email. Some example subject lines are given below:

  • Document #<NUMBERS>

  • Invoice #<NUMBERS>

  • Order #<NUMBERS>

  • Payment #<NUMBERS>

  • Payment Invoice #<NUMBERS>

  • Ticket #<NUMBERS>

  • Your Document #<NUMBERS>

  • Your Order #<NUMBERS>

  • Your Ticket #<NUMBERS>
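As an added example (not code from the article or from Fortinet's post), the following Python script applies the indicators above to a raw .eml message: a subject of the listed form, a ZIP attachment named DOC<NUMBERS>.zip, and a script file inside that ZIP. The sample message it builds is constructed for the demonstration; the JavaScript body is a placeholder, not the real downloader.

```python
"""Triage an .eml message for the indicators described in the article:
a subject of the form "<Word> #<NUMBERS>", a ZIP attachment named
DOC<NUMBERS>.zip, and a script file (e.g. JavaScript) inside that ZIP.
Added example; the sample message below is constructed, not a real capture."""
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject patterns quoted in the article ("Invoice #<NUMBERS>", "Your Order #<NUMBERS>", ...)
SUBJECT_RE = re.compile(
    r"^(?:Your\s+)?(?:Document|Invoice|Order|Payment(?:\s+Invoice)?|Ticket)\s+#\d+$",
    re.IGNORECASE,
)
# Attachment naming convention quoted in the article: DOC<NUMBERS>.zip
ATTACHMENT_RE = re.compile(r"^DOC\d+\.zip$", re.IGNORECASE)
# Script extensions that Windows Script Host runs on double-click
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")


def analyze_eml(raw: bytes) -> dict:
    """Return the findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").strip()
    findings = {
        "subject": subject,
        "subject_matches": bool(SUBJECT_RE.match(subject)),
        "zip_attachments": [],
        "scripts_in_zip": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not ATTACHMENT_RE.match(name):
            continue
        findings["zip_attachments"].append(name)
        payload = part.get_payload(decode=True)
        try:
            # Inspect the archive in memory; never extract to disk during triage.
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(SCRIPT_EXTS):
                        findings["scripts_in_zip"].append(f"{name}:{member}")
        except zipfile.BadZipFile:
            findings.setdefault("errors", []).append(f"{name}: not a valid ZIP")
    # A script inside the ZIP is enough on its own; otherwise require both
    # the campaign-style subject and the DOC<NUMBERS>.zip attachment.
    findings["suspicious"] = bool(findings["scripts_in_zip"]) or (
        findings["subject_matches"] and bool(findings["zip_attachments"])
    )
    return findings


def build_sample_email(subject="Payment Invoice #48213", zip_name="DOC48213.zip",
                       member="DOC48213.js") -> bytes:
    """Construct a message mimicking the campaign (sample data, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder content; the real downloader is not reproduced here.
        zf.writestr(member, "// placeholder script body\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"   # hypothetical sender
    msg["To"] = "victim@example.org"      # hypothetical recipient
    msg["Subject"] = subject
    msg.set_content("Please find your document attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample_email(),
                build_sample_email("Lunch on Friday?", "photos.zip", "IMG_001.jpg")):
        print(analyze_eml(raw))
```

The archive is opened from memory rather than extracted, so the triage step never writes the script to disk; feed real messages to `analyze_eml` as raw bytes from your mail gateway's quarantine.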

After execution, the ransomware encrypts the victim's files, including documents, photos, videos, databases and other important files, and appends a .CRAB extension to each encrypted file.

A ransom note named CRAB-DECRYPT.txt is dropped in each affected folder; it contains details about the encrypted files and instructions for payment.

The ransom note links to an onion website that can only be reached through the Tor browser, where victims are asked to pay an initial amount in DASH cryptocurrency; the amount doubles if it is not paid within a few days.
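As an added example, not from the article or from Fortinet, this Python script sweeps a directory tree for the on-disk traces just described (.CRAB files and CRAB-DECRYPT.txt notes). It reports the affected folders, folders that hold encrypted files but no note yet (encryption may have been interrupted), and the earliest modification time of an encrypted file as a rough start time for the incident. The sample tree and the note text are constructed for the demonstration.

```python
"""Sweep a directory tree for the on-disk traces the article attributes to
GandCrab: files renamed with a .CRAB extension and a CRAB-DECRYPT.txt note in
each affected folder. Added example; the sample tree below is constructed."""
import os
import tempfile
from pathlib import Path

NOTE_NAME = "CRAB-DECRYPT.txt"
ENCRYPTED_EXT = ".crab"


def sweep(root: str) -> dict:
    """Walk `root` and summarise encrypted files and ransom notes per folder."""
    report = {
        "encrypted_files": 0,
        "folders_with_note": [],
        "folders_missing_note": [],
        "earliest_mtime": None,  # rough start of encryption, from file mtimes
    }
    for dirpath, _dirnames, filenames in os.walk(root):
        names = set(filenames)
        crab = [f for f in filenames if f.lower().endswith(ENCRYPTED_EXT)]
        if not crab and NOTE_NAME not in names:
            continue  # untouched folder
        report["encrypted_files"] += len(crab)
        rel = os.path.relpath(dirpath, root)
        if NOTE_NAME in names:
            report["folders_with_note"].append(rel)
        else:
            report["folders_missing_note"].append(rel)
        for f in crab:
            mtime = os.path.getmtime(os.path.join(dirpath, f))
            if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                report["earliest_mtime"] = mtime
    return report


def make_sample_tree(root: str) -> None:
    """Constructed sample: two folders hit by the ransomware, one untouched."""
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "report.docx.CRAB").write_bytes(b"\x00" * 16)
    (docs / "budget.xlsx.CRAB").write_bytes(b"\x00" * 16)
    (docs / NOTE_NAME).write_text("placeholder note body\n")  # not the real note text
    pics = Path(root, "Pictures")
    pics.mkdir()
    (pics / "holiday.jpg.CRAB").write_bytes(b"\x00" * 16)  # note not yet written here
    clean = Path(root, "Music")
    clean.mkdir()
    (clean / "song.mp3").write_bytes(b"\x00" * 16)


def demo() -> dict:
    """Build the sample tree in a temporary directory and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return sweep(tmp)


if __name__ == "__main__":
    print(demo())
```

On a real host, run `sweep` against the user profile and any mapped shares from a clean system (mount the disk read-only or image it first); the earliest mtime gives a starting point for correlating with mail gateway logs and the ZIP attachment's arrival time.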

According to Fortinet, the campaign primarily targets mail servers hosted in the US, while in terms of infection rate India is in the top spot with 25.3%, followed by Peru, Chile and other countries.

“GandCrab ransomware, or any type of ransomware for that matter, can cause irreversible damage to an infected system. The best defense against these kinds of attacks is good cyber hygiene and safe practices. In this case, remember that it is always important to be cautious about unsolicited emails, especially those with executable attachments. In addition, if all else fails, make sure you always have a backup stored in an isolated network environment in order to successfully recover a compromised system,” Fortinet said in its blog post.

How to protect yourself from GandCrab ransomware:

  • Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain updated antivirus software on all systems.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign. If a URL looks genuine, close the e-mail and go to the organization’s website directly through the browser.
  • Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up to date with the latest patches.