
CyberWisdom Safe Harbor Commentary on GandCrab Ransomware:

BleepingComputer.com reports on a post from Malwarebytes exposing a new ransomware, GandCrab, that was released late last week and is currently being distributed through exploit kits. GandCrab has some features not seen before in ransomware: it is the first to accept the DASH cryptocurrency for payment and the first to use the Namecoin-powered .bit TLD for its payment and command-and-control domains.

The ransomware was first discovered by security researcher David Montenegro, and other researchers quickly jumped in to analyze it and post their results on Twitter. This article covers what has been found by myself and other researchers.

Unfortunately, there is currently no free way to decrypt files encrypted by GandCrab. The ransomware is still being researched, and this article will be updated if new information becomes available.

For now, if you want to discuss GandCrab, you can use the comments section of this article or our dedicated GandCrab Help & Support topic.

GandCrab is distributed via the RIG exploit kit
According to exploit kit researchers nao_sec and Brad Duncan, GandCrab is currently being distributed through a malvertising campaign called Seamless, which redirects visitors to the RIG exploit kit. The exploit kit then attempts to exploit vulnerabilities in the visitor's browser and plugins in order to install GandCrab without the user's knowledge or permission.

How to protect yourself from GandCrab Ransomware

In order to protect yourself from GandCrab, it is important to use good computing habits and security software. First and foremost, you should always have reliable and tested backups of your data that you can restore in an emergency such as a ransomware attack. With a good backup that the malware cannot reach, ransomware has very little leverage over you.

You should also use security software that includes behavioral detection to combat ransomware, rather than relying on signature detection or heuristics alone. For example, Emsisoft Anti-Malware and Malwarebytes Anti-Malware both contain behavioral detection that can prevent many, if not most, ransomware infections from encrypting a computer.

And last but not least, following the security practices below is, in many cases, the most important step of all:

  1. Backup, backup, backup!
  2. Do not open attachments if you do not know who sent them.
  3. Do not open attachments until you have confirmed that the person actually sent them to you.
  4. Use services such as VirusTotal to scan attachments before opening them.
  5. Make sure all Windows updates are installed as soon as they are released. Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older versions of these programs contain security holes that are commonly exploited by malware distributors and exploit kits, so keeping them up to date is very important.
  6. Make sure you have some kind of security software installed that uses behavior detection or whitelisting technology. Whitelisting can be painful to train, but if you are willing to stick with it, it offers the greatest return.
  7. Use strong passwords and never reuse the same password at multiple sites.
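The two concrete indicators this page gives, the .GDCB extension appended to encrypted files and DNS lookups under the Namecoin .bit TLD, are easy to turn into a hunt over your own telemetry. The Python script below is an added example written for this commentary; it is not code from BleepingComputer, Malwarebytes, or the GandCrab authors. The file-event and resolver log lines are constructed samples, the .bit domain in them is a placeholder (the page does not name GandCrab's real domains), and the rename threshold and time window are assumed values to tune for your environment.

```python
"""Hunt for the two GandCrab indicators named on this page: files renamed to
the .GDCB extension and DNS lookups under the Namecoin .bit TLD.

Added example for this commentary; not code from BleepingComputer or the
page's sources. All sample data below is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of EDR-style file events (not real telemetry), one per
# line as "timestamp<TAB>pid<TAB>action<TAB>details". pid 4412 behaves like
# a ransomware process; pid 2210 is an ordinary user rename.
FILE_EVENTS = """\
2018-01-30T10:01:02\t4412\tRENAME\tC:\\Users\\bob\\Documents\\budget.xlsx -> C:\\Users\\bob\\Documents\\budget.xlsx.GDCB
2018-01-30T10:01:02\t4412\tRENAME\tC:\\Users\\bob\\Documents\\notes.docx -> C:\\Users\\bob\\Documents\\notes.docx.GDCB
2018-01-30T10:01:03\t4412\tRENAME\tC:\\Users\\bob\\Pictures\\cat.jpg -> C:\\Users\\bob\\Pictures\\cat.jpg.GDCB
2018-01-30T10:01:03\t4412\tRENAME\tC:\\Users\\bob\\Pictures\\dog.png -> C:\\Users\\bob\\Pictures\\dog.png.GDCB
2018-01-30T10:01:04\t4412\tRENAME\tC:\\Users\\bob\\Desktop\\todo.txt -> C:\\Users\\bob\\Desktop\\todo.txt.GDCB
2018-01-30T10:05:10\t2210\tRENAME\tC:\\Users\\bob\\Downloads\\report(1).pdf -> C:\\Users\\bob\\Downloads\\report.pdf
2018-01-30T10:05:11\t2210\tCREATE\tC:\\Users\\bob\\Downloads\\report.pdf.bak
"""

# Constructed sample resolver log: "timestamp client query-name qtype".
# "c2-placeholder.bit" is a placeholder, not a real GandCrab domain.
DNS_LOG = """\
2018-01-30T10:00:58 10.0.0.5 www.bleepingcomputer.com A
2018-01-30T10:01:00 10.0.0.5 c2-placeholder.bit A
2018-01-30T10:01:01 10.0.0.5 c2-placeholder.bit A
2018-01-30T10:02:30 10.0.0.9 update.microsoft.com A
"""

GDCB_EXT = ".gdcb"                      # extension GandCrab appends (compared case-insensitively)
RENAME_RE = re.compile(r"^(?P<src>.+?) -> (?P<dst>.+)$")


def parse_file_events(text):
    """Parse the tab-separated event format into (timestamp, pid, action, details)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, action, details = line.split("\t", 3)
        events.append((datetime.fromisoformat(ts), int(pid), action, details))
    return events


def gdcb_renames(events):
    """Yield (timestamp, pid, destination) for renames whose target ends in .GDCB."""
    for ts, pid, action, details in events:
        if action != "RENAME":
            continue
        m = RENAME_RE.match(details)
        if m and m.group("dst").lower().endswith(GDCB_EXT):
            yield ts, pid, m.group("dst")


def flag_mass_rename(events, threshold=3, window=timedelta(seconds=60)):
    """Behavioral check: {pid: count} for processes that renamed at least
    `threshold` files to .GDCB within any span of length `window`.
    threshold and window are assumed tuning values, not GandCrab constants."""
    by_pid = defaultdict(list)
    for ts, pid, _dst in gdcb_renames(events):
        by_pid[pid].append(ts)
    flagged = {}
    for pid, stamps in by_pid.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pid] = best
    return flagged


def bit_lookups(dns_text):
    """Return [(timestamp, client, name)] for queries under the .bit TLD. The
    .bit TLD is not delegated in the public DNS root, so any such query from a
    workstation is worth investigating on its own."""
    hits = []
    for line in dns_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, name, _qtype = parts[:4]
        if name.lower().rstrip(".").endswith(".bit"):
            hits.append((ts, client, name))
    return hits


def hunt(file_text=FILE_EVENTS, dns_text=DNS_LOG):
    """Run both checks and return their findings in one dict."""
    events = parse_file_events(file_text)
    return {"mass_rename_pids": flag_mass_rename(events),
            "bit_lookups": bit_lookups(dns_text)}


if __name__ == "__main__":
    result = hunt()
    for pid, n in result["mass_rename_pids"].items():
        print(f"pid {pid}: {n} files renamed to {GDCB_EXT} within 60 s")
    for ts, client, name in result["bit_lookups"]:
        print(f"{ts}: {client} looked up {name}")
```

Point `hunt()` at your own exported file-event and resolver logs, keeping the same column layout or adapting the two parsers. The mass-rename check is the kind of behavioral detection item 6 above recommends, applied to your own telemetry rather than left to a vendor product; the .bit check is a plain string match because the TLD itself is the anomaly.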


thumbnail courtesy of bleepingcomputer.com


If you would like to receive more of these curated Safe Harbor news alerts, subscribe to my mailing list and come back soon to https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.

The post GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension appeared first on Safe Harbor on Cyber.
