
Cyber Security Experts Notice Valentine’s Day-Themed GandCrab Activity

March 10, 2019, by Simeon Georgiev

It has been a year since GandCrab first emerged, and in that short time it has earned a reputation as one of the most potent cryptovirological threats of recent years. GandCrab's operators constantly release updated versions of the strain, making it harder for ransomware removal experts to produce a universal decrypter.

Last week, members of a CDM company detected a socially engineered Valentine's Day email campaign built around distributing GandCrab. According to the preliminary findings, the attackers are using romantic subject lines in phishing emails that carry an attachment loaded with the GandCrab payload.

Emails with subjects such as 'Wrote my thoughts down about you', 'This is my love letter to you', 'Fell in love with you' and 'My letter just for you', carrying a ZIP attachment named 'Love_You_2018', have been sent en masse to lure unwary users into the cryptovirological trap. The archive actually holds a JavaScript file which, when opened, is executed by Windows as a script and drops the ransomware.
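A mail gateway or IR analyst can catch this lure shape mechanically: a ZIP attachment whose members are Windows script files. The following is an added example, not code from the original article or from any vendor named in it. The .eml it parses is constructed inline; the inner file name 'Love_You_2018.js' and the sender addresses are assumptions (the article names only the archive 'Love_You_2018'), and the extension list goes slightly beyond the page by covering the other script types Windows runs on double-click.

```python
"""Flag e-mails whose archive attachments contain Windows script files.

Added example (not from the original article). The message below is
constructed inline; the inner file name 'Love_You_2018.js' is assumed,
the article only names the archive 'Love_You_2018'.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that Windows executes on double-click (Windows Script Host,
# HTML Applications, plain executables). '.js' is the one the article describes.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh",
                     ".hta", ".exe", ".scr"}


def _is_script_name(name):
    """True if the file name ends in an extension Windows would execute."""
    lower = name.lower()
    return any(lower.endswith(ext) for ext in SCRIPT_EXTENSIONS)


def script_like_members(archive_bytes):
    """Return names of ZIP members that end in an executable/script extension.

    Non-ZIP input yields an empty list rather than an exception, so the
    caller can feed it any attachment body.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
            return [n for n in zf.namelist() if _is_script_name(n)]
    except zipfile.BadZipFile:
        return []


def suspicious_attachments(raw_eml):
    """Parse an RFC 822 message and report (filename, reason) pairs worth blocking."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Script file attached directly.
        if _is_script_name(fname):
            findings.append((fname, "script attachment"))
        # ZIP wrapper: trust the magic bytes, not the declared name or MIME type.
        if payload.startswith(b"PK\x03\x04"):
            members = script_like_members(payload)
            if members:
                findings.append((fname, "archive contains " + ", ".join(members)))
    return findings


def build_sample_email(inner_name="Love_You_2018.js"):
    """Construct a lure resembling the campaign described (constructed data).

    The ZIP member content is a harmless placeholder, not the real payload.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "WScript.Echo('placeholder');")
    msg = EmailMessage()
    msg["From"] = "admirer@example.net"        # assumed sender
    msg["To"] = "victim@example.com"           # assumed recipient
    msg["Subject"] = "This is my love letter to you"
    msg.set_content("Open the attachment ;)")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Love_You_2018.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample_email()):
        print(f"{name}: {reason}")
```

Checking the ZIP magic rather than the declared content type matters because attackers routinely relabel archives as `application/octet-stream` or give them a harmless-looking name; the inner member list is what reveals the script. A production rule would pair this with subject-line keywords from the campaign, but the attachment check alone is what stops the payload from reaching a double-click.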

Even when they suspect it is a scam, many people open the attachment out of curiosity. On the internet, curiosity can kill the cat, so it is advisable not to open links or attachments sent from unknown or spoofed addresses.

Korean and Chinese Users Might Be the Primary Targets

Once encryption is complete, the ransom screen on the affected device lets victims choose between English, Chinese and Korean, which suggests the campaign is primarily aimed at users in East Asia. The note gives victims a seven-day deadline to buy the decryption key for the stated amount; after the deadline passes, the ransom doubles.

A RaaS Campaign

Every infection the researchers analyzed quoted a different ransom amount. This strongly suggests that the original GandCrab operators are not behind this 'seasonal campaign'; instead, criminal customers may have bought access to GandCrab on the dark web and be running it as affiliates under its Ransomware-as-a-Service (RaaS) model.

Besides stating the ransom amount and supplying cryptocurrency addresses, the perpetrators include a complete guide in the note for obtaining a Bitcoin or Dash wallet. They even offer a live chat service to help victims pay.

GandCrab Operators Are Making Money from All Sides

GandCrab's operators have been making the most of their cryptovirological product since its launch. They use it to carry out their own attacks, extorting victims for the decryption key, while the sale of GandCrab as a RaaS product brings in additional profit. With such lucrative prospects, it is not hard to see that they will keep producing more damaging variants of GandCrab.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware, ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]
