GandCrab ransomware distributed by RIG and GrandSoft exploit kits
Last week, security researcher David Montenegro discovered a new ransomware called GandCrab that is being distributed through exploit kits and may be the first ransomware to accept the DASH currency as ransom.
Dash is a digital currency that supports instant transactions and protects the privacy of users. It is based on bitcoin but is more anonymous, so that transactions cannot be traced.
After Montenegro announced his findings, more security researchers took a close interest in GandCrab. They conducted an in-depth analysis of the ransomware and posted the results on Twitter.
According to “nao_sec” and “Brad,” an exploit kit researcher, GandCrab is currently being distributed through the so-called Seamless malvertising campaign. The attackers use the top-level exploit kit, RIG, to look for vulnerabilities in the victim’s software and install GandCrab without the victim’s permission.
Hi @anyrun_app, you're agile! I found #GandCrab, from #Seamless campaign (only gate4)🤔 https://t.co/bt0GgJsfbF
CC: @VK_Intel @James_inthe_box @malware_traffic
— nao_sec (@nao_sec) January 26, 2018
Interestingly, the GandCrab developers demand that victims pay the ransom in Dash. Most ransomware chooses bitcoin, and even where that has changed, ransomware has mostly only moved to the more popular Monero or Ether.
This is the first ransomware that requires Dash as the ransom payment. Researchers believe this is likely because Dash is built around privacy, making it difficult for law enforcement agencies to track down its owners.
The developers of GandCrab currently set their ransom demand at 1.54 DASH, which is about $1,170 at current prices.
When encrypting a file, GandCrab appends the .GDCB extension to the end of the file's name. For example, when *.txt is encrypted, its filename changes to *.txt.GDCB.
Unfortunately, there is currently no way to decrypt these files for free.
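The appended .GDCB extension gives responders a simple way to scope the damage on a host or file share. The following is an added example, not code from the researchers or the original article: a triage script that walks a directory tree, lists files carrying the extension, recovers their original names and summarises which file types and folders were hit. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".GDCB"  # extension the article says GandCrab appends


def triage(root):
    """Walk root and summarise files carrying the appended .GDCB extension."""
    hits, by_ext, by_dir = [], Counter(), Counter()
    first_mtime = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; skip a file named only ".GDCB".
            if not name.upper().endswith(MARKER) or len(name) == len(MARKER):
                continue
            path = Path(dirpath) / name
            original = name[: -len(MARKER)]  # report.txt.GDCB -> report.txt
            by_ext[Path(original).suffix.lower() or "(none)"] += 1
            by_dir[dirpath] += 1
            # Earliest mtime among hits: a rough estimate of when encryption
            # began (assumption: timestamps were not altered afterwards).
            mtime = path.stat().st_mtime
            first_mtime = mtime if first_mtime is None else min(first_mtime, mtime)
            hits.append((str(path), original))
    return {"hits": hits, "by_ext": by_ext, "by_dir": by_dir,
            "first_mtime": first_mtime}


def build_sample_tree(root):
    """Constructed sample data: empty files, some with the marker appended."""
    names = ["docs/report.txt.GDCB", "docs/budget.xlsx.gdcb", "docs/notes.txt",
             "pics/cat.jpg.GDCB", "pics/README.GDCB", "pics/.GDCB"]
    for rel in names:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in sorted(result["hits"]):
            print(f"{path}  (was {original})")
        print("by original extension:", dict(result["by_ext"]))
        print("by directory:", dict(result["by_dir"]))
```

Run against a real share, `triage()` takes the share's root path; the per-directory counts show where to prioritise restores from backup.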