The treacherous porn extortion malware, GandCrab Ransomware, which saw phenomenal success last year, is back & more vigorous than ever!
The developers of GandCrab are working strenuously & launching newer versions of this ransomware so as not to lose their hard-won share in the world of malware. GandCrab Ransomware currently holds an incredible 40% share of the whole ransomware market. Cyber-criminals behind GandCrab who are propagating & distributing ransomware are staying updated & opting for creative, ingenious & even romantic tactics to infect systems & swindle innocent users.
The blackmail scheme implemented by GandCrab Ransomware reads as “We hijacked your webcam & nailed you watching porn. We have encrypted your data & now we want ransom.”
Researchers have revealed that the most common variant of the malicious e-mails distributed by the fraudsters has a romantic phrase in the subject line. Some of the captivating subject lines used by the distributors include “My love letter to you”, “Wrote my thoughts down about you” & “Fell in love with you”.
Subject lines with love declarations sound appealing; however, they actually bear the tidings of possible disaster to the user’s system & sensitive information. Such messages do not raise alarms & work stealthily, leaving the user unaware of their deceptive intentions.
This accidental & unintentional download of the extortion scam ransomware eventually ends in the encryption of the user’s critical data & files. Following the encryption, users are redirected to a message explaining that all the files on their system have been encoded & can only be restored by paying a ransom in bitcoin(s). In case users are not acquainted with cryptocurrencies, the fraudsters who masterminded the scam provide a live chat window that teaches novices how to purchase the ransom amount & pay it.
A tool used to synchronize data between the management systems for IT companies was reported to have a security flaw. A patch fixing the vulnerability was released in 2017. However, not everyone owning the tool installed that patch in 2017. Consequently, GandCrab Ransomware is now targeting all those who didn’t install the patch & encrypting all their sensitive data.
The security flaw paves the way for the cyber criminals to create new administrator accounts & trigger commands that install the ransomware on the end-points.
Many e-mail attachments are alluring & hackers continuously exploit the opportunity by sending malicious e-mails that resemble an invoice, a payment confirmation or a notice. These e-mails contain a link that downloads a ZIP, a RAR or an Excel file from WeTransfer. The files are protected by a password that is mentioned in the mail. Opening these attachments deploys the GandCrab Ransomware once they are executed.
Another hilarious & brand-new method adopted by the cyber criminals is the use of an alluring “payment notice” in the form of an Excel document. An attempt to access the file displays a dialog stating that you can’t view the file online & suggesting that you click “Enable Edit” & “Enable Content”.
Surprisingly, this specific attack is targeting Italians exclusively. Enabling Edit & Content will activate a script that checks if your system is based in Italy.
If the system is Italy-based, you will get to experience the developer’s sense of humor. An image of Mario containing malicious PowerShell code covers the screen & a mere click on the image to view the file contents will download the malware.
The cybercriminals use various strategies for malware distribution which include –
Targeted Operating System: Windows
Symptoms: The user’s files are encrypted. All encrypted files are appended with a .gdcb, .crab, .krab, .KRAB, .lock or .[random_characters] extension & a pop-up window appears asking users to pay a ransom [in bitcoin(s)].
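The extensions listed under Symptoms can be turned into a quick triage scan of a file share. The script below is an added example, not a tool from this site or from any vendor. It assumes that a "random" extension is 5 to 10 letters, that ransomware appends its extension after the original one (report.docx.KRAB), and that .lock on its own is too common in legitimate software to flag unless it follows a document extension; the function names and thresholds are hypothetical.

```python
import os
import re
from collections import Counter

# Extensions listed under "Symptoms"; compared in lower case, so .KRAB is covered.
KNOWN_EXTS = {".gdcb", ".crab", ".krab"}
# .lock is also used by legitimate tools (yarn.lock, Gemfile.lock).
AMBIGUOUS_EXTS = {".lock"}
# Assumption: user-data extensions that an appended extension would follow.
DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip"}
# Assumption: ".[random_characters]" means 5 to 10 ASCII letters.
RANDOM_EXT = re.compile(r"^\.[A-Za-z]{5,10}$")


def classify(filename):
    """Return 'known', 'appended-lock', 'appended-random' or None for a file name."""
    stem, ext = os.path.splitext(filename)
    ext_l = ext.lower()
    if ext_l in KNOWN_EXTS:
        return "known"
    # Look at the extension underneath the last one: budget.xlsx.lock -> .xlsx
    inner = os.path.splitext(stem)[1].lower()
    if inner in DATA_EXTS:
        if ext_l in AMBIGUOUS_EXTS:
            return "appended-lock"
        if RANDOM_EXT.match(ext):
            return "appended-random"
    return None


def scan(root, min_hits=3):
    """Walk root and return {directory: Counter(label)} for directories
    holding at least min_hits flagged files. One stray match is noise;
    a directory full of them is the pattern worth escalating."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = Counter(label for label in map(classify, files) if label)
        if sum(hits.values()) >= min_hits:
            report[dirpath] = hits
    return report


if __name__ == "__main__":
    import sys
    for directory, hits in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(directory, dict(hits))
```

The 'appended-random' label is a heuristic and will also match names such as notes.pdf.backup, which is why scan() reports per directory with a threshold instead of per file.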
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities which may infringe your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.