• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
GandCrab Ransomware
A new variant of ransomware has come up this year that includes a National Security Agency exploit and its target is the older Windows that are no longer supported by Microsoft.

This was first discovered in January as a service for sale on the dark web. It uses the same hacking tools like that in WannaCry and Petya but also now targets SMB vulnerabilities and can proliferate even faster than those attacks.

The Version4 of this ransomware has an overhauled code structure, including the encryption mechanism that has been switched to Salsa20 stream cipher to encrypt files faster than previous versions. The Salsa20 cipher was used in the original Petya ransomware (not to be confused with the variant used in the June 2017 global cyberattack).

GandCrab is being spread through spam email, fake crack sites and malicious WordPress sites.

It’s also notable that the computers don’t need to be connected to the internet to be infected, as the new GandCrab doesn’t need to connect to the C2 server before encrypting the victim’s files.

Currently no free decryptor for GandCrab exist. Stay safe out there.

Forum Jump: