The operators of the infamous GandCrab ransomware have an exceptional ‘work ethic’: they never cease to work on and improve their cryptovirological strain. Malware hunters have recently discovered a new variant of the ransomware. After the latest discovery, there are now five versions lingering in the cyber world. It is important to note that this ransomware family first made its entry into cyberspace in January 2018.
According to an initial inspection of the latest GandCrab version, experts have found that it uses a slightly different encryption module to lock down the files on affected devices. Instead of using the combination of AES and RSA encryption like earlier versions, GandCrab V5.0 uses a mix of Salsa20 and RSA encryption.
Because of the different encryption method, experts are still trying to work out an effective ransomware removal measure. According to the ransom note, which appears as an HTML file, the GandCrab operators are asking for $2,400 in Dash or Bitcoin for ransomware removal. The new GandCrab variant also connects to the command and control server as soon as the cryptovirological payload is delivered and unpacked on the affected device. The command and control servers notify the attackers of the ransomware's real-time activity on the affected device.
One peculiar thing about the activity of GandCrab V5.0 is that it uses a string of five random characters as the extension for every locked file. Ransomware experts are advising affected users to be patient and wait for a professional ransomware removal solution instead of paying the attackers.
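
The five-character extension behaviour described above lends itself to a simple triage heuristic over a file listing. The following is an added example, not code from the article or from any vendor: it flags unknown five-character extensions that show up on many files across several directories. The allowlist, the thresholds, the alphanumeric pattern and all sample file names (including the extension `qzvkp`) are constructed assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the "five random characters" are alphanumeric.
FIVE_CHARS = re.compile(r"^[a-z0-9]{5}$")
# Legitimate five-character extensions (constructed allowlist, extend per site).
KNOWN_FIVE_CHAR = {"xhtml", "shtml", "mhtml", "accdb", "plist",
                   "class", "woff2", "patch", "swift"}

def flag_mass_rename(paths, min_files=10, min_dirs=3):
    """Return [(ext, file_count, dir_count)] for unknown five-character
    extensions seen on many files spread over several directories."""
    files = defaultdict(int)
    dirs = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix[1:].lower()          # last extension, without the dot
        if FIVE_CHARS.match(ext) and ext not in KNOWN_FIVE_CHAR:
            files[ext] += 1
            dirs[ext].add(str(p.parent).lower())
    hits = [(e, n, len(dirs[e])) for e, n in files.items()
            if n >= min_files and len(dirs[e]) >= min_dirs]
    # Most widespread extension first.
    return sorted(hits, key=lambda h: -h[1])

def sample_listing():
    """Constructed listing: 12 files with a made-up extension plus benign noise."""
    locked = [f"C:/Users/alice/{d}/file{i}.docx.qzvkp"
              for d in ("Documents", "Desktop", "Pictures")
              for i in range(4)]
    benign = ["C:/Users/alice/Documents/notes.txt",
              "C:/inetpub/wwwroot/index.xhtml",   # allowlisted
              "C:/src/app/Main.class",            # allowlisted
              "C:/Tools/one-off.abcde"]           # unknown, but a single file
    return locked + benign

if __name__ == "__main__":
    for ext, n, d in flag_mass_rename(sample_listing()):
        print(f".{ext}: {n} files in {d} directories")
```

Requiring both a file count and a directory count keeps a single application that stores its data under an unusual extension in one folder from triggering the alert.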
Experts have yet to find out what distribution mechanism the operators are using. They are sure that the GandCrab operators are not using exploit kits to distribute the latest version, so there is a strong chance that brute-force or email spamming is being used to distribute the strain.