Recently, several cyber security specialists in the field reported the appearance of a new and not quite an ordinary ransomware. The threat was called GandCrab and, according to experts, appeared at the end of last week. GandCrab has not only become the first ransomware, demanding payment in the DASH crypto currency, it is also distinguished by ways of distribution using exploit kits.
GandCrab ransomware was discovered by security expert David Montenegro, after which it was thoroughly analyzed by other cyber security companies and independent specialists. Shortly after, Twitter became the place where all new information are being discussed.
GandCrab Ransomware – Welcome! WE ARE REGRET, BUT ALL YOUR FILES WAS ENCRYPTED! – .GDCB … 🧐🧐🧐 pic.twitter.com/YkYNAAmvgG
— David Montenegro (@CryptoInsane) January 26, 2018
According to Malwarebytes, and independent exploit researcher Brad Duncan, the ransomware spreads via malicious advertising campaign called Seamless. And for the end users the GandCrab is distributed through well-known exploits like RIG and GrandSoft. The whole idea is to take advantage of vulnerabilities in the visitor’s software to install GandCrab ransomware without their permission. After a “successful” installation, the visitor will probably not realize they are infected until it is too late.
GandCrab Ransomware Using Dash Cryptocurrency
The chosen for currency as a ransom payment it is slightly unusual. As an unwritten rule, hackers accept payment in popular cryptocurrencies like Bitcoin and Monero, but GandCrab demand DASH. More precisely 1.54 DASH, which is approximately $1,170 USD at today’s prices. The amount doubles if payment was not made within a few days.
Most likely, hackers behind GandCab are attracted to the anonymity of DASH and the fact that it will be more difficult for law enforcement agencies to track such payments.
Another interesting feature of the ransomware, which additionally protects GandCrab developers from the authorities’ watchful eye, is the use of .bit domains, ie Namecoin. On several .bit domains there are control servers, named “in honor” of well-known security companies and resources:
Cyber security experts regretfully admit that they have not yet managed to create a tool for deciphering the information that was affected by GandCrab ransomware activity.
The best way to avoid falling victim of GandCrab or any other ransomware is to have a reliable and tested backup of your data that can be restored in the case of an emergency. With a good backup, ransomware has no effect on you.