Ransomware removal experts have stated that the infamous GandCrab Ransomware has revamped itself, adding new features that help its operators widen their net and attack a greater number of computer systems.
The modified version of the GandCrab Ransomware came to the attention of ransomware removal experts at the beginning of July. However, the new changes were not noticed immediately. It took some time for ransomware removal analysts to recognize the modifications made to the ransomware. Analysts found that the entire source code had been edited.
Kevin Beaumont, a security expert from the United Kingdom, states that the ransomware has adopted the EternalBlue NSA exploit kit, which attacks vulnerabilities related to SMB (Server Message Block), and now proliferates quicker than ever. He further explained that GandCrab no longer depends upon a C2 server but can proliferate through an SMB exploit that affects modern Windows operating systems (Windows 7, 8, 10) as well as the older Windows XP and Windows Server 2003.
According to Mr. Beaumont, this is different because even the popular ransomware WannaCry was unable to use EternalBlue while GandCrab has successfully managed to use it against its victims.
Fortinet’s security official, Joe Salvio, found the ransomware propagating through spam email campaigns as well as through WordPress websites laced with malware. He confirmed the opinion of ransomware removal analysts about the change in the source code.
Mr. Salvio further explained that while GandCrab previously used the cryptographic algorithm RSA-2048, it has now adopted a better algorithm known as Salsa20. Salsa20 is a popular algorithm that was also used by the well-known ransomware Petya. Petya Ransomware was instrumental in damaging governmental institutions and enterprises all around the world.
Both Mr. Beaumont and Mr. Salvio believe that organizations and individuals need to follow basic cybersecurity measures in order to protect themselves.