A relatively new ransomware dubbed GandCrab is becoming a leading cyber threat, according to McAfee security researchers.
GandCrab first appeared in January and has evolved rapidly this year.
The McAfee Advanced Threat Research Team recently reverse engineered Versions 4.0, 4.1 and 4.2 of GandCrab to discover more details on the threat.
About the author:
“The GandCrab author has moved quickly to improve the code and has added comments to mock the security community, law agencies, and the NoMoreRansom organization. The malware is not professionally developed and usually has bugs (even in Version 4.2), but the speed of changes is impressive and increases the difficulty of combating it.”
GandCrab attack vectors:
- Remote desktop connections with weak security or bought in underground forums
- Phishing emails with links or attachments
- Trojanized legitimate programs containing the malware, or downloading and launching it
- Exploit kits (e.g., RigEK and others)
The goal of GandCrab, like other forms of ransomware, is to encrypt files on an infected system and demand a ransom payment to unlock them. The cybercriminal requires payment in a cryptocurrency, such as Bitcoin or DASH, that is harder to track.