New Version of GandCrab Ransomware Released
A new version of the GandCrab ransomware has been released; the release itself is news because of the channel of distribution that has been adopted.
GB Hackers on Security reports, "A new version of GandCrab Ransomware released, as like the previous version it was not distributed through exploit kits. The distribution method of GandCrab v5 is currently unknown, the new version appends a random 5 character extension on the encrypted files and creates HTML ransom note."
Among the different strains of ransomware that are currently trending, the GandCrab ransomware is rather widespread. This ransomware, with newly updated features, is under constant development and those behind it are using it to target different countries across the globe.
This new version of the GandCrab ransomware, according to experts, would scan the whole of a system and all the associated networks for files to encrypt.
GBHackers on Security quotes Lawrence Abrams of Bleeping Computer as stating, "Once it has the files it encrypts and then appends a random 5 character extension, “when I tested the ransomware it appended the .lntps extension to the encrypted file’s name, for example, test.doc has been encrypted and renamed to test.doc.lntps"
Once the encryption process is done, an HTML ransom note is created. This ransom note will show files, documents, photos etc as encrypted and would ask the victim to pay a ransom so as to get all the encrypted stuff unlocked. The ransom note would also contain instructions regarding how to reach the TOR payment site and also regarding the payment. It's only by making the payment that the victim can buy the GandCrab Decryptor.
The ransom note tells the victim- "Your computer has been infected with GandCrab Ransomware. Your files have been encrypted and you can't decrypt it by yourself." It also says, "In the network, you can probably find decryptors and third-party software, but it won't help you and it can only make your files undecryptable." Then the victim would be asked to buy the GandCrab Decryptor by using Bitcoin or DASH, which needed to be bought using a credit card.
There is also the mention of a deadline, after which the cost of decrypting files would be doubled. The ransom amount to be paid would be equivalent to $1200. The hackers would even allow the victim to use decryption and decrypt one file for free.
As we know, the ransomware is now one of the most rampant among all malware; experts do consider it as one of the leaders in the realm of cyberattacks, on the global level.
GB Hackers on Security reports, "A new version of GandCrab Ransomware released, as like the previous version it was not distributed through exploit kits. The distribution method of GandCrab v5 is currently unknown, the new version appends a random 5 character extension on the encrypted files and creates HTML ransom note."
Among the different strains of ransomware that are currently trending, the GandCrab ransomware is rather widespread. This ransomware, with newly updated features, is under constant development and those behind it are using it to target different countries across the globe.
This new version of the GandCrab ransomware, according to experts, would scan the whole of a system and all the associated networks for files to encrypt.
GBHackers on Security quotes Lawrence Abrams of Bleeping Computer as stating, "Once it has the files it encrypts and then appends a random 5 character extension, “when I tested the ransomware it appended the .lntps extension to the encrypted file’s name, for example, test.doc has been encrypted and renamed to test.doc.lntps"
Once the encryption process is done, an HTML ransom note is created. This ransom note will show files, documents, photos etc as encrypted and would ask the victim to pay a ransom so as to get all the encrypted stuff unlocked. The ransom note would also contain instructions regarding how to reach the TOR payment site and also regarding the payment. It's only by making the payment that the victim can buy the GandCrab Decryptor.
The ransom note tells the victim- "Your computer has been infected with GandCrab Ransomware. Your files have been encrypted and you can't decrypt it by yourself." It also says, "In the network, you can probably find decryptors and third-party software, but it won't help you and it can only make your files undecryptable." Then the victim would be asked to buy the GandCrab Decryptor by using Bitcoin or DASH, which needed to be bought using a credit card.
There is also the mention of a deadline, after which the cost of decrypting files would be doubled. The ransom amount to be paid would be equivalent to $1200. The hackers would even allow the victim to use decryption and decrypt one file for free.
As we know, the ransomware is now one of the most rampant among all malware; experts do consider it as one of the leaders in the realm of cyberattacks, on the global level.
Post a Comment