
Your Feed is from https://www.safeharboroncyber.com/Blog/
A recent story from scmagazineuk.com reports that researchers investigating the newly discovered GandCrab ransomware have learned how its authors are marketing the malware to potential buyers as a ransomware-as-a-service package.
Russian Dark Web Ad for Newly Found GandCrab Ransomware-as-a-Service
Researchers investigating the newly discovered GandCrab ransomware have learned how its authors are marketing the malware on the dark web to potential buyers as a ransomware-as-a-service package.
Last Friday, LMNTRIX, an Australian cybersecurity company, shared its findings with SC Media after uncovering a Russian-language ad for GandCrab, an unusual ransomware in that it uses the RIG and GrandSoft exploit kits as a distribution mechanism, demands payment in the cryptocurrency Dash, and uses a server hosted on a .bit domain.
According to LMNTRIX, the ad offers a partnership program whereby members split GandCrab’s profits with the developers 60:40. In addition, large partners have the opportunity to increase their share to 70%. The authors also provide technical support and updates for buyers.
However, there are a few caveats: Partners must not target countries in the former Soviet republics that now make up the Commonwealth of Independent States, or their accounts will be deleted. In addition, “Partners must apply to use the ransomware and have a handful of ‘seats’ available,” LMNTRIX explained in an email to SC Media.
According to LMNTRIX’s English translation of the ad, the authors also tout the ability to manually configure the ransom size, individual bots and encryption masks; a “handy admin panel” on the Tor network; and the ability to access victim pages from regular web browsers, which the ad says significantly increases payments. The ad further states that the ransom amount automatically doubles if the victim does not pay on time.
As an additional selling point, GandCrab’s authors also posted a tutorial video demonstrating how the ransomware evades antivirus detection.
Researchers investigating the newly discovered GandCrab ransomware have learned how its authors are marketing the malicious program as a ransomware-as-a-service package to potential buyers on the dark web. On Friday, Australian cyber-security firm LMNTRIX shared with SC Media its findings, after uncovering a Russian-language advertisement for GandCrab – an unusual ransomware in that it uses the RIG and GrandSoft exploit kits as a distribution mechanism, demands payment using the cryptocurrency Dash, and employs a server hosted on a .bit domain. According to LMNTRIX, the ad offers a partner programme, whereby members split GandCrab’s profits with the developers 60:40. Additionally, large partners are given the opportunity to increase their share to 70 percent. The authors also offer technical support and updates to buyers. However, there are caveats: Partners must not target countries in the former Soviet Republics that now comprise the Commonwealth of Independent States, or their accounts will be deleted.
The post Russian dark web ad for new GandCrab ransomware-as-a-service discovered appeared first on Safe Harbor on Cyber.
