GandCrab ransomware was first detected at the start of this year. Since then, this strain has become one of the most active pieces of ransomware on the web. According to security experts at Cisco, GandCrab has become so agile because it is now using compromised legitimate websites to deliver its payload.
Because the payload is served from legitimate web addresses, it has become very difficult for defenders to stop the ransomware from spreading. The rapid spread of the strain has also doubled the workload of experts dealing in ransomware removal. Experts believe that websites running outdated software are being compromised by GandCrab operators and turned into payload hosts.
GandCrab operators demand a ransom in the range of $300-500 to restore the encrypted files. It is important to mention that they demand the ransom in Dash instead of Bitcoin. Dash is known to offer less traceability than Bitcoin, making it more suitable for transactions that involve illegal activities.
The developers of GandCrab are very active in improving the code of their ransomware. When it was first introduced in January, it affected over 50,000 devices within one month. In the meantime, security experts succeeded in developing a ransomware removal tool to deal with GandCrab.
But soon afterwards, the developers released a second variant that used a different extension for encrypted files and could not be decrypted by the same tool. Some researchers also claim to have discovered a third variant of GandCrab.
Benefits of Using Legitimate Web Addresses
From the perpetrators’ perspective, delivering the payload through legitimate web addresses is the most successful way to infiltrate a network. It saves them a considerable amount of resources (both time and money) in launching the attacks.
- They don’t have to register domains.
- There is no need to buy a virtual private server and configure it to host the ransomware files.
- In some cases, using legitimate web addresses also helps them circumvent blacklisting measures taken by users, because the compromised domain already has a clean reputation.
Since the inception of GandCrab, its operators have shown time and again that they mean business. It is now up to security researchers to come up with an effective ransomware removal measure for the latest variant of GandCrab.