
Gandcrab is Now Using Legitimate Websites as a Carrier

May 17, 2018 | Simeon Georgiev

Gandcrab ransomware was first detected at the start of this year. Since then, it has become one of the most active ransomware strains on the web. According to security experts at Cisco, Gandcrab has become so agile because it is now using legitimate websites to deliver its payload.

Because the payload is delivered through secure web addresses, it has become very difficult to stop it from spreading. The rapid infiltration of the strain has also doubled the work of experts dealing in ransomware removal. Experts believe that web domains running outdated software are becoming the targets of Gandcrab operators.

Gandcrab operators demand a ransom in the range of $300-500 for ransomware removal. It is important to mention that they are demanding the ransom in Dash instead of Bitcoin. Dash is known to be less traceable than Bitcoin, making it more suitable for transactions that involve illegal activities.

Developers of Gandcrab are very active in improving the code of their cryptovirological strain. When it was first introduced in January, it affected over 50,000 devices within one month. In the meantime, security experts also succeeded in developing a ransomware removal tool to deal with Gandcrab.

But immediately after, the developers came up with a second variant that used a different encryption extension and couldn’t be decrypted by the same tool. Some researchers also claim to have discovered a third variant of Gandcrab.

Benefits of Using Legitimate Web Addresses

From the perpetrators’ perspective, delivering the payload through legitimate web addresses is the most successful way to infiltrate any network. It saves them a considerable amount of resources (both time and money) in launching the attacks.

  • They don’t have to register domains.
  • There is no need to buy a virtual private server and configure it to host the cryptovirological files.
  • In some cases, using legitimate web addresses also helps them circumvent some blacklisting measures taken up by users.

Since the inception of Gandcrab, its operators have shown time and again that they mean business. It is now up to security researchers to come up with an effective ransomware removal measure for the latest variant of Gandcrab.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]