With ransomware dominating the threat landscape, a team of security analysts has been monitoring the widely spread GandCrab Ransomware, which is distributed both through traditional spam campaigns and through several exploit kits such as Grandsoft and Rig. Within the ransomware category, GandCrab has become the biggest threat, and its operators continue to update the malware to make it harder to stop. According to in-depth analysis by researchers, the latest variant, GandCrab 4.1 Ransomware, is now attacking in the wild.
Like its predecessor, this variant was released just two days after the previous one. Its behaviour is similar to the earlier variant, but the most noticeable thing about the latest GandCrab release is that it is spread through hacked or compromised sites specifically designed to look like download sites for cracked applications. Across the Internet there are millions of webpages running on platforms that contain thousands of system vulnerabilities, and with the help of such hacked sites GandCrab spreads very widely.
Most Noticeable Thing About GandCrab 4.1 Ransomware
There are many points that set GandCrab 4.1 apart from its predecessor variants. This ransomware uses a strong cipher algorithm to encode users' content instead of the RSA-2048 encryption algorithm used previously. It contains a long, hard-coded list of sites to which the malware connects; once it has connected to a URL in the list, it sends user data such as the username, IP address, network domain, system name, password, etc.
According to in-depth analysis by researchers, it is specifically designed to kill several system processes so that it can ensure complete encryption of any targeted files. Since 1 January 2018, GandCrab Ransomware has held the attention of the security community. As of March, it had infected over 50,000 systems and earned over $600,000 in ransom payments.
Payloads of GandCrab Ransomware
GandCrab Ransomware is undoubtedly one of the most widely spread ransomware families and comes in several variants. It is still under constant development. The basic functionality of this ransomware has been well documented: it does the typical things other ransomware does, such as locking files and appending the .CRAB file extension, altering the user's desktop background, disabling firewall settings, and more.
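The mass renaming of files to the .CRAB extension described above is the payload behaviour a defender can most easily detect. The following is an added example (not code from the original article or from any researcher it cites) that parses a constructed, simplified file-system audit log and flags any process that renames several files to .CRAB within a short window; the log format, process names and timestamps are all assumptions for illustration, and real telemetry would come from an EDR or Sysmon feed with its own schema.

```python
"""Toy detector for a GandCrab-style .CRAB mass-rename burst (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real telemetry). Fields, separated by
# single spaces: timestamp | pid | process image | operation | path
SAMPLE_EVENTS = r"""
2018-07-10T09:00:01 4120 svchost.exe write C:\Users\alice\Documents\budget.xlsx
2018-07-10T09:00:02 6004 crypt.exe rename C:\Users\alice\Documents\budget.xlsx.CRAB
2018-07-10T09:00:02 6004 crypt.exe rename C:\Users\alice\Documents\plan.docx.CRAB
2018-07-10T09:00:03 6004 crypt.exe rename C:\Users\alice\Pictures\holiday.jpg.CRAB
2018-07-10T09:00:03 6004 crypt.exe rename C:\Users\alice\Desktop\notes.txt.CRAB
2018-07-10T09:05:00 2210 explorer.exe rename C:\Users\alice\Desktop\test.CRAB
"""

CRAB_EXT = ".crab"  # compared case-insensitively


def parse_events(text):
    """Parse the constructed log into (timestamp, pid, image, op, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # maxsplit=4 keeps any spaces inside the path intact
        ts, pid, image, op, path = line.split(" ", 4)
        events.append((datetime.fromisoformat(ts), int(pid), image, op, path))
    return events


def find_crab_renamers(events, threshold=3, window=timedelta(seconds=60)):
    """Return {(pid, image): total .CRAB renames} for processes that renamed at
    least `threshold` files to .CRAB inside any `window`-long period.
    A single rename (e.g. a user renaming one file by hand) stays below the
    threshold, which is the check that keeps the rule from being too noisy."""
    per_proc = defaultdict(list)
    for ts, pid, image, op, path in events:
        if op == "rename" and path.lower().endswith(CRAB_EXT):
            per_proc[(pid, image)].append(ts)
    hits = {}
    for key, times in per_proc.items():
        times.sort()
        start = 0
        for end in range(len(times)):        # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[key] = len(times)
                break
    return hits


if __name__ == "__main__":
    print(find_crab_renamers(parse_events(SAMPLE_EVENTS)))
```

In practice the same rule should be paired with the other payload behaviours the article lists (process termination, firewall changes, desktop background replacement) so that a single noisy signal does not decide the verdict on its own.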