GandCrab ransomware has been around for a while now. Its operators have released multiple variants at different points in time, and each new version of GandCrab differs markedly from its predecessor. A team of malware hunters discovered the latest updated strain of GandCrab in July. Since then, cyber security and ransomware removal experts have been working to discern its new and unique features.
After four long months of dissecting it, experts have succeeded in identifying various distinctive features of the latest version of the ransomware.
Use of EternalBlue Exploit Kit
The developers have changed the exploit kit of the latest GandCrab to EternalBlue. This exploit kit is infamous for how effectively it operates in Windows 2003 and XP environments. This new feature has turned the ransomware into a potent threat for legacy systems. These systems run older versions of Windows, and many security software firms don’t produce service packs for them anymore. This means legacy systems will remain at risk of ransomware attack as long as they don’t upgrade their operating system.
Command-and-Control System Is No Longer Needed
The majority of ransomware attacks are launched and operated through command-and-control servers. However, the exploit of the latest GandCrab ransomware is designed so that it doesn’t need such centralized control. Removing the need for command and control has made GandCrab more effective against air-gapped networks.
It has also been found that the latest GandCrab performs encryption at a faster rate than previous versions. Faster encryption simply means a more difficult ransomware removal task.
To neutralize the threat of the latest GandCrab version, enterprises have to upgrade their systems. They also need to spend more on cybersecurity and in-house ransomware removal expertise.