A new ransomware, known as GandCrab, is currently inflicting damage on users all around the world. A few days ago, cyber security organizations in Vietnam warned users of possible ransomware attacks using this strain, which shows how imminent the threat of GandCrab is.
Recently, cyber security researchers have identified a glitch in the script execution of one particular strain of GandCrab. According to their findings, a compilation error occurs during script execution, which halts the chain of encryption.
This GandCrab glitch was identified earlier this week by cyber security researcher Brad Duncan. According to Duncan, he was looking into the script activity of GandCrab when he encountered a compilation error that stopped the ransomware's script from executing. This means that even if a user has inadvertently opened this malspam, their device won't be locked down and hence no ransomware removal services will be required.
Not All GandCrab Strains Have This Slipup
However, this scripting glitch is not present in every discovered strain of GandCrab. Only the GandCrab strain that uses an infected Word file as its spam email attachment has this issue. The operators use Word files to enclose malicious VBScript in the file's macro command and instruction manual.
If the user downloads the malicious Word file and executes the macro in it, GandCrab automatically starts to run on the device. However, the statistics on the number of GandCrab infections this week don't show any impact from this anomaly, because there is no decline in GandCrab attacks compared with last week.
Duncan thinks that malspam is not the most efficient way to deliver complex ransomware such as GandCrab. Most of the time, a whole malspam campaign can't get the operators a single victim. Therefore, the number of GandCrab cases hasn't dropped even with this glitch in place.
Researchers believe that the developers of GandCrab will fix this compilation error very soon, because in the past they have neutralized every ransomware decryption tool developed by cyber security professionals for mitigating GandCrab attacks.