The GandCrab ransomware variant has been enhanced with a crypter service that elevates the malware’s stealth capabilities.
The hacking enhancement will make the ransomware strain more difficult to spot and analyze in the future.
GandCrab has gone through a number of evolutions lately, and its authors appear to be constantly seeking ways to enhance the malware’s code.
GandCrab infects systems via poorly-secured remote desktop applications, exploit kits, phishing, botnets, and PowerShell scripts.
The malware usually comes as a package, which is considered a ransomware-as-a-service tool.
GandCrab has already claimed thousands of victims worldwide. Once a system has been infected, GandCrab encrypts and locks files and demands a payment ranging from a few hundred to several thousand dollars.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Last month, cybersecurity researchers found a fourth version of the malware being delivered via the Phorpiex worm. Version 4 infects enterprise networks and propagates via USB drives, removable storage, and spam.
Version five, which was released this September, has given operators the choice to demand payment in either the Dash or Bitcoin cryptocurrencies.
Now on version 5.0.2, its developers are constantly patching its security holes and making the task of reverse-engineering the malware more difficult.
Researchers are astonished by the impressive speed of change.
Crypters are often a key component of obfuscation. NTCrypt is the service chosen to obfuscate GandCrab’s capabilities.
The crypter NTCrypt is described as a fully NT-based crypter with a unique injection method that will guarantee a high execution rate.
The software is on offer for between $950 and $1,600.
In order to drum up excitement in the announcement, the NTCrypt-GandCrab partnership has offered a discount to hackers signing up for the service.
Ransomware is incredibly popular with cybercriminals due to the possibility of high returns, especially as many victims will pay up to retrieve locked and encrypted files.
The operators of the SamSam ransomware are earning $300,000 a month, while Cerber developers have managed to earn an estimated $195,000 in only a month through such malware.
This threat will exist as long as this particular form of malware can make its operators a fortune in fraudulent income; because of this, we are likely to see more and more cybercriminals bringing new forms of ransomware to the market.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; these tests include penetration testing and ethical hacking.