Attention! MSPs are now infected with GandCrab Ransomware

Cybersecurity researchers found that hackers are now using a two-year-old plug-in flaw to infect companies with GandCrab ransomware via their managed service provider (MSP).

This new kind of trick is critical because it represents one of the most dangerous risks to businesses. Another main problem here is technology controlled or owned by third-party companies. Organizations that choose to use this type of service must remain vigilant! Their main focus should be monitoring network traffic to and from the company’s devices and assets.

GandCrab was first seen spreading via the Rig Exploit Kit (RigEK).
For those who don’t know, exploit kits are most commonly used in drive-by download (DbD) attacks. A DbD attack redirects the victim to a malicious website prepared by the attacker, or to a general website into which an attacker has injected malicious code (a compromised site), and finally downloads and installs malware. The attacker’s server sends exploit code that exploits vulnerabilities in browsers and their plug-ins.

That exploit code drops and injects malware. An exploit kit facilitates the flow of this attack: by using one, attackers can easily execute a DbD attack without having expert knowledge and skills. RigEK suddenly began to increase its market share around September 2016 and has since been used in many DbD campaigns.

Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire, every year, a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Keep in mind that hackers can gain value from compromised devices only if they can communicate with those devices. This means they must have some external system to communicate with, such as a command-and-control server.
Through this command-and-control setup they can leak data, but it is risky because they expose themselves to businesses that deploy network traffic analytics.
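One way network traffic analytics can surface the command-and-control communication described above is by flagging outbound connections that recur at near-constant intervals. The following is an added example, not code from the original article; the flow records, host names, destination addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, internal_host, external_destination).
# All hosts, destinations (documentation address ranges) and timings are made up.
FLOWS = (
    [(1000 + 300 * i + j, "ws-17", "203.0.113.50")
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]          # timer-like traffic
    + [(t, "ws-17", "198.51.100.7")
       for t in (1010, 1042, 1900, 1915, 2600, 3999)]            # irregular, human-like
    + [(t, "ws-22", "203.0.113.50") for t in (1200, 1260)]       # too few events
)

def find_beacons(flows, min_events=6, max_jitter=0.1, min_interval=30):
    """Return (src, dst, mean_interval) for host pairs whose connection timing
    is regular enough to look automated.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps between consecutive connections; min_interval skips chatty keep-alive
    traffic. Both thresholds are assumptions that need tuning per network."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in sorted(by_pair.items()):
        if len(times) < min_events:
            continue  # not enough samples to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits

if __name__ == "__main__":
    for src, dst, interval in find_beacons(FLOWS):
        print(f"{src} -> {dst}: connection roughly every {interval}s, review")
```

Legitimate update checks and telemetry also recur on a timer, so the output is a list of leads for review against known-good destinations rather than a verdict.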

Researchers are saying that it is also impossible to completely control supply chain vulnerabilities by monitoring network traffic. In order to be completely safe, businesses can identify anomalous behavior and then report the problem to the vendors, in order to close security loopholes more quickly.

We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring, every year, a specialized cybersecurity company that will run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.