GandCrab version 3 was released, and the most noticeable change is the addition of a desktop background.
This new variant is distributed through exploit kits and malspam. The malspam emails have subjects like “Order #65121” and contain attachments with a VBS downloader that installs GandCrab v3.
This cybersecurity problem can be easily avoided by deploying a cybersecurity solution on every device, so don’t let your guard down: depending on which OS your device is running, it is mandatory to install an antivirus for Windows or an antivirus for Mac.
If you are a company, installing an antivirus is only the first layer of security; you must also contract a cybersecurity company that will carry out advanced cybersecurity tests on your company networks, such as penetration tests and ethical hacking tests.
Researchers discovered in a malware analysis that the most noticeable changes in this release of GandCrab are the increment of the version number to 3, new ransom note text, and the introduction of a bad desktop background.
The ransom note is still named CRAB-DECRYPT.txt, and encrypted files still have the .CRAB extension.
This new variant of GandCrab also introduces a low-resolution background that tells the victim to read the CRAB-DECRYPT.txt ransom note.
Another change discovered is the implementation of a RunOnce autorun key that will cause GandCrab to start automatically when a user logs in. When GandCrab is installed, it will encrypt the computer and then automatically reboot it. This version also introduces the domain “carder.bit”, which is used as a C&C server.
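The indicators described above (the .CRAB extension, the CRAB-DECRYPT.txt note, the RunOnce autorun key and the carder.bit domain) can be matched against endpoint telemetry. The following is an added example, not code from the original article or from the researchers; the event format, host names, registry hive and value name are constructed assumptions.

```python
import re

# Indicators named in the article.
RANSOM_NOTE = "crab-decrypt.txt"
ENCRYPTED_EXT = ".crab"
C2_DOMAIN = "carder.bit"
# Matches the RunOnce key itself, not RunOnceEx. The article does not name the
# hive or the value, so the key path is matched under any hive.
RUNONCE_RE = re.compile(r"\\currentversion\\runonce(\\|$)")

def classify(event):
    """Return the indicator names matched by one telemetry event (a dict)."""
    hits = []
    kind, target = event["type"], event["target"].strip().lower()
    if kind == "file_create":
        name = re.split(r"[\\/]", target)[-1]
        if name == RANSOM_NOTE:
            hits.append("ransom_note")
        elif name.endswith(ENCRYPTED_EXT):
            hits.append("crab_extension")
    elif kind == "dns_query":
        host = target.rstrip(".")  # tolerate fully qualified names
        if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
            hits.append("c2_domain")
    elif kind == "registry_set" and RUNONCE_RE.search(target):
        hits.append("runonce_autorun")
    return hits

def triage(events):
    """Flag hosts showing two or more distinct indicators.
    A RunOnce write alone is not flagged: legitimate installers use that key too."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(classify(ev))
    return {h: sorted(i) for h, i in per_host.items() if len(i) >= 2}

# Constructed sample telemetry (hypothetical hosts, paths and value names).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\updater"},
    {"host": "ws-02", "type": "file_create", "target": r"C:\Users\a\Documents\report.docx.CRAB"},
    {"host": "ws-02", "type": "file_create", "target": r"C:\Users\a\Documents\CRAB-DECRYPT.txt"},
    {"host": "ws-02", "type": "dns_query", "target": "carder.bit."},
    {"host": "ws-03", "type": "dns_query", "target": "notcarder.bit"},
]

if __name__ == "__main__":
    for host, indicators in triage(SAMPLE_EVENTS).items():
        print(host, indicators)
```

Only ws-02 is flagged: ws-01 shows a lone RunOnce write and ws-03 queried a look-alike name that is not the C&C domain.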
Unfortunately, this version cannot be decrypted for free.
Ransomware attacks are a reality for all major companies, and unfortunately, these kinds of cyber attacks will keep coming. However, there are steps companies can take to protect and secure themselves, which include adopting a top cybersecurity solution like an antivirus, implementing robust procedures for patching software and technologies against security vulnerabilities, and hiring a specialized cybersecurity firm that would run extra tests, like penetration tests and ethical hacking tests, on their network. Maintaining a routine like this closes potential holes in company infrastructure.
Ransomware spreads like wildfire and is the most time-critical of cyber threats. The ability to detect the precursor behaviors of ransomware is the only way to get ahead of the attack. Unfortunately, that’s almost impossible to do if you are unprotected. To be safe and secure against ransomware like this, depending on which version of OS your device runs, please install an antivirus for Windows or an antivirus for Mac.