Safe Harbor on Cyber is a 'safe harbor' blog site on cyber security for families and small businesses with news on cyber threats, risk, data breach, identity thefts, ransomware, cryptocurrency, and vulnerabilities items.
February 4, 2018
Round-up Cybercriminals are using new tactics to spread Ransomware GandCrab
CyberWisdom Safe Harbor Commentary on Ransomware GandCrab
Komando.com reports on a new and elusive tactic that ransomware operators are using to spread their malicious payload and extort unsuspecting victims like us.
Ransomware is rapidly becoming the largest threat to software security. What makes ransomware so attractive to cybercriminals, beyond its profitability, is its adaptability.
It keeps evolving as cybercriminals change their code to suit their needs and to evade security software. And it is not just the code that changes regularly; the media and methods used to distribute ransomware are constantly changing too.
In fact, the security software company Malwarebytes recently discovered a new way of distributing ransomware.
Often ransomware is delivered through poisoned files and attachments embedded in spam and phishing emails – you know, the “Click on your receipt!” or “Read this PDF!” variety.
Ransomware is malware that infects computers and restricts users’ access to them until a ransom is paid to unlock them.
Why so effective?
The authors of ransomware instill fear and panic in their victims, pushing them to click on links or pay the ransom, and the victims’ systems can become infected with other malware along the way. Ransomware displays frightening messages similar to the following:
“Your computer is already infected with a virus. Click here to solve the problem.”
“Your computer was used to visit sites that contain illegal content; to unlock your computer you must pay a fine of $100.”
“All files on your computer have been encrypted, and you must pay this ransom within 72 hours to regain your data.”
The GandCrab ransomware is distributed through exploit kits.
GandCrab is spread by two exploit kits, RIG EK and GrandSoft EK. Instead of demanding the ransom in Bitcoin, GandCrab asks for payment in the cryptocurrency Dash.
What is an exploit kit?
An exploit kit is an automated hacking toolkit, usually sold on the dark web, that lets criminals who cannot write their own malicious code deploy malware anyway.
These easy-to-use tools typically deliver their malware payload through vulnerabilities in widely used software such as web browsers, Microsoft Office, Java and Adobe Flash Player.
You may well have encountered an exploit kit on the web already. Cybercriminals typically deliver them through malicious ads, fake Flash updates, video plug-ins and pop-ups that target out-of-date software on vulnerable computers.
These kits first check your computer for exploitable vulnerabilities and, if they find any, go on to install malware automatically. This is why it is so important to always keep your software updated!
Exploit kit campaigns are known for spreading malicious code such as trojans, cryptominers and other crypto-related malware, but Malwarebytes notes that it is “unusual” to see them distributing ransomware.
The ransomware in question is called GandCrab. Malwarebytes researchers first spotted it on January 26, being distributed by two separate exploit kits, RIG and GrandSoft.
The RIG exploit kit is known as a browser-based kit that uses vulnerabilities in Adobe Flash Player and Internet Explorer. Malwarebytes pointed out that “RIG will spread GandCrab to victims using malicious advertisements on compromised websites.”
The GrandSoft exploit kit is an older suite, dating from before 2012, that leverages remote code execution vulnerabilities in the Java runtime environment.
This means that both of these exploit kits can install GandCrab on an unpatched machine when it simply visits a compromised site, with no user interaction at all! Quite horrible, indeed.
Once installed, GandCrab behaves like any other ransomware. It uses RSA encryption to lock files on Windows and displays ransom instructions demanding payment for the “GandCrab Decryptor” needed to unlock them.
However, GandCrab does not demand Bitcoin payments like other ransomware scams. It uses Dash, a little-known cryptocurrency. The current ransom is 1.5 Dash (about $1,200), but it doubles if you do not pay within a few days.
Image Credit: Malwarebytes
How to protect yourself from exploit kits and GandCrab ransomware attacks
Unfortunately, if you are infected with GandCrab there is currently no free decryption key, so prevention is your best defense.
As I mentioned earlier, always keep all of your software up to date, including the latest patches for your web browser, plug-ins, operating system and applications.
Although hackers are always looking for the next zero-day vulnerability, running the latest version of your software will protect you from widely used exploit kits such as RIG and GrandSoft, which mostly target vulnerabilities that have already been patched.
Another powerful protection against ransomware is a good online backup solution! As ransomware threats continue to emerge, a reliable backup will always give you the peace of mind you need. We recommend our sponsor IDrive for all your cloud backup needs! Go to IDrive.com and use the promotional code to get exclusive offers.
Ransomware GandCrab Remedies
What can you do about this? On the one hand, ransomware can be very scary – encrypted files can basically be thought of as irreparably damaged. On the other hand, if you have prepared your system ahead of time, an infection is far less of a disaster. Here are some tips to help you keep ransomware from ruining your day:
1. Back up your data
The most important thing in beating ransomware is to keep your backups up to date. You should back up all your data and documents and have a recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to speed recovery. Note that network-connected backups may also be affected by ransomware; critical backups should be isolated from the network for optimal protection.
If you are hit by ransomware you may lose the document you started working on this morning, but you can recover fairly easily if you can roll your system back to an older snapshot or wipe the machine and restore the other missing documents from your backups. Remember, ransomware like CryptoLocker will also encrypt the files on any mapped drive. This includes any external drive, such as a USB thumb drive, and any network or cloud file storage to which you have assigned a drive letter. So what you need is a regular backup plan using an external drive or backup service that has no drive letter assigned, or one that is disconnected whenever a backup is not in progress.
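To make the backup advice above concrete, here is a small Python example written for this post (it is not code from the original article, Malwarebytes or any backup product). It takes a versioned snapshot of a folder into a separate "vault" location, records a SHA-256 hash of every file in a manifest, detects which live files have been changed or deleted since the snapshot, and refuses to restore from a snapshot whose own contents no longer match the manifest. The folder names, file contents and the "damage" step are all constructed for the demonstration; in real use the vault would be an offline drive or a backup service with no drive letter assigned, exactly as the text recommends.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

# Added example for this post (not the article's own tooling): a minimal
# versioned backup with an integrity manifest. Snapshots live in a vault that
# has no drive letter or mapping, so ransomware that encrypts mapped drives
# does not reach them, and every restore is checked against recorded hashes.


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large documents do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(source: Path, vault: Path, label: str) -> Path:
    """Copy the source tree into vault/label and write a manifest of hashes."""
    snap = vault / label
    manifest = {}
    for p in source.rglob("*"):
        if p.is_file():
            rel = p.relative_to(source)
            dest = snap / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)
            manifest[str(rel)] = sha256_file(p)
    (snap / "MANIFEST.json").write_text(json.dumps(manifest, sort_keys=True))
    return snap


def verify_snapshot(snap: Path) -> list:
    """Return the snapshot files whose hash no longer matches the manifest."""
    manifest = json.loads((snap / "MANIFEST.json").read_text())
    return [rel for rel, digest in manifest.items()
            if not (snap / rel).is_file() or sha256_file(snap / rel) != digest]


def detect_damage(source: Path, snap: Path) -> list:
    """Compare live files to the manifest: changed or missing ones are returned."""
    manifest = json.loads((snap / "MANIFEST.json").read_text())
    return sorted(rel for rel, digest in manifest.items()
                  if not (source / rel).is_file() or sha256_file(source / rel) != digest)


def restore(snap: Path, target: Path) -> int:
    """Restore a verified snapshot into target; returns the number of files restored."""
    if verify_snapshot(snap):
        raise RuntimeError("snapshot failed integrity check; refusing to restore")
    manifest = json.loads((snap / "MANIFEST.json").read_text())
    for rel in manifest:
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snap / rel, dest)
    return len(manifest)


def demo() -> dict:
    """Constructed scenario: back up, simulate file damage, detect it, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs, vault = root / "Documents", root / "vault"
        docs.mkdir()
        vault.mkdir()
        (docs / "notes").mkdir()
        (docs / "budget.xlsx").write_bytes(b"constructed spreadsheet bytes")
        (docs / "notes" / "todo.txt").write_bytes(b"buy milk\n")

        snap = take_snapshot(docs, vault, "2018-02-04")

        # Simulated damage (constructed): one file overwritten with junk, one deleted.
        (docs / "budget.xlsx").write_bytes(os.urandom(32))
        (docs / "notes" / "todo.txt").unlink()

        damaged = detect_damage(docs, snap)
        restored = restore(snap, docs)
        return {"damaged": damaged,
                "restored": restored,
                "clean_after_restore": detect_damage(docs, snap)}


if __name__ == "__main__":
    print(demo())
```

The manifest is what turns a copy into a backup you can trust: it tells you which live files were touched, and it stops you from restoring from a vault that was itself reached by the malware.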
Infection can be devastating to individuals or organizations and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
US-CERT recommends that users and administrators take the following precautions to protect computer networks from ransomware:
Use application whitelisting to help prevent malware and unapproved programs from running. An application whitelist is one of the best security policies because it only allows specified programs to run while blocking all others, including malware.
Keep your operating system and software up to date with the latest patches. Vulnerable applications and operating systems are the targets of most attacks. Ensuring that they are patched and up to date greatly reduces the number of entry points available to an attacker.
Maintain up-to-date anti-virus software, and scan all software downloaded from the internet before executing it.
Restrict users’ ability (permissions) to install and run unneeded software applications, and apply the “least privilege” principle to all systems and services. Restricting these rights may prevent malware from running or limit its ability to propagate over the network.
Avoid opening macros in email attachments. If a user opens the attachment and enables the macro, the embedded code will execute the malware on the machine. For businesses and organizations, it is best to block email attachments from suspicious sources. For information on safely handling email attachments, see Identifying and Avoiding Email Scams. Follow safe practices when browsing the web. See the guidance on good security practices and protecting your data for more details.
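The macro advice above is something a mail gateway or help desk can enforce rather than leave to the user. As an added example (written for this post, not taken from US-CERT or the original article), the Python below inspects an attachment's bytes rather than trusting its file name: modern Office files are zip containers, and any VBA code lives in a vbaProject.bin part, so a "harmless" .docx that carries that part is flagged. Legacy binary Office files (the OLE container) are flagged for deeper inspection because this simple check cannot parse them. The sample attachments are constructed in memory and are not real documents.

```python
import io
import zipfile

# Added example for this post: a gateway-style macro check on attachments.
# Sample documents below are constructed in memory, not real mail data.

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.xlsx/...) container
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".ppam"}


def classify_attachment(name: str, data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'clean' or 'unknown' for one attachment."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed VBA in a way this check does not
        # parse, so they are handed off for deeper inspection or blocking.
        return "legacy-ole"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = {n.lower() for n in zf.namelist()}
        except zipfile.BadZipFile:
            return "unknown"
        # OOXML stores macro code in a vbaProject.bin part, whatever the
        # extension claims, so the content decides rather than the name.
        if any(p.endswith("vbaproject.bin") for p in parts):
            return "macro"
        # A macro-enabled extension without the part is still treated
        # conservatively: the file announces that it may carry code.
        if any(name.lower().endswith(ext) for ext in MACRO_EXTENSIONS):
            return "macro"
        return "clean"
    return "unknown"


def triage(attachments) -> dict:
    """Map each (name, bytes) attachment to a 'block' or 'allow' decision.

    This check is scoped to Office macros; 'unknown' types (PDF, images, ...)
    pass here and would be covered by other gateway checks.
    """
    decisions = {}
    for name, data in attachments:
        kind = classify_attachment(name, data)
        decisions[name] = "block" if kind in ("macro", "legacy-ole") else "allow"
    return decisions


def build_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like zip for the demonstration (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


# Constructed sample mailbox: names are deliberately uninformative, as in
# the "Read This!" lures the post describes.
SAMPLE_ATTACHMENTS = [
    ("invoice.docx", build_ooxml(with_macro=False)),
    ("Read_This.docx", build_ooxml(with_macro=True)),   # .docx name hiding a macro part
    ("receipt.doc", OLE_MAGIC + b"\x00" * 64),          # legacy binary format
    ("report.pdf", b"%PDF-1.4 constructed"),
]

if __name__ == "__main__":
    for attachment, decision in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{attachment}: {decision}")
```

Deciding on the container contents rather than the extension is the whole point: renaming a macro-enabled file to .docx does not remove the vbaProject.bin part, so the check still fires.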
If you would like to receive more of these curated Safe Harbor news alerts, subscribe to my mailing list, and come back soon to https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries.
David S. Eng (a pen name) offers valuable information and cyber threat incident alerts to help you protect against, prevent, mitigate, respond to, recover from and learn about cybersecurity threats to your business and family. As the CyberWisdom author he curates cyber security information, news feeds and articles. He has six years of hands-on experience as the principal researcher for a DHS cybersecurity pilot program on cyber threat intelligence, risk management, cyber technologies and web collaboration tools.