McAfee: The GandCrab crew partnered with the malware crypter service NTCrypt to evade security products
Cybercrime gangs are partnering to maximize the profits of their attacks and to avoid detection. McAfee security experts discovered that the GandCrab crew partnered with the malware crypter service NTCrypt, which provides obfuscation to evade antimalware security products. The partnership between GandCrab and NTCrypt was established in a novel way. At the end of September, the GandCrab crew started a “crypt competition” on a popular underground forum to find a new crypter service they could partner with. NTCrypt applied and eventually won the competition. Before this, the malicious actors openly endorsed FalloutEK. The goal in both cases is to strengthen the malware’s supply and distribution networks. On September 27, the GandCrab crew announced Version 5. The developers market the affiliate program like a “members-only club”, and new affiliates are lining up to join in the hope of making easy money through the large-scale ransomware extortion scheme.
More and more cybercrime groups are forming alliances, working together against the same targets, and exchanging tools and TTPs
For a cybercrime business such as GandCrab, building these alliances makes perfect sense: they increase ease of operation, and a trusted affiliate network minimizes the gang’s risk exposure by allowing it to avoid less-trusted suppliers and distributors. For the security community, it is worrisome to see that the malware creators’ aggressive marketing strategy seems to be paying off. It is generating a strong influx of criminal interest and allows the GandCrab crew to form alliances with other essential services in the cybercriminal supply chain. Moreover, this phenomenon is growing across the whole cybercrime and cyber warfare environment. More and more groups work together against the same targets and exchange tools and TTPs to reach their goals.