Victims of the GandCrab ransomware now have a way out, for free. The decryption kit for files locked by the ransomware is available on No More Ransom.
Victims of the GandCrab ransomware, distributed in one of the most aggressive cyber attacks of recent months, now have a way to recover their data without paying a ransom to cyber criminals. A decryption tool is available free to everyone on the website www.nomoreransom.org. It was developed by Romania's police forces in cooperation with those of Bulgaria, France, Italy, the Netherlands, Poland, the United Kingdom, the United States and Hungary, together with Bitdefender and Europol. The tool works for all versions of the malware except two, 1.4 and 1.5, regardless of the geographical location of the victims. The cyber security experts worked in record time to create it, exploiting the fact that the malicious code's authors had sent the decryption key only to a limited number of targets in Syria, allowing them to recover data.
Since January 2018 the malware has infected nearly 500,000 victims worldwide, and it continues to evolve. At the moment the fifth version is circulating.
GandCrab has infected nearly 500,000 victims worldwide since January 2018. Once it has acquired control of the victim's computer, it encrypts the files on it and demands a ransom to unlock them. The cost ranges from 300 to 6,000 dollars, depending on who has been hit and in which geographical area the victim is located. The amount must be paid in cryptocurrency (DASH and Bitcoin). In February, cyber security experts released the first decryption kit for the ransomware. In response, the cyber criminals began to spread a new version of the malware, with improved coding and with comments meant to provoke the police forces and everyone else trying to counter it. A third and a fourth version followed, and the malicious code is now at its fifth version.
Cybercrime makes its malicious code more powerful and aggressive every time. Moreover, to maximize profits, RaaS schemes and partnerships with other cybercriminal groups are proliferating on the dark web.
Over time GandCrab has become increasingly aggressive and hardened, thanks to a ransomware-as-a-service (RaaS) scheme on the dark web. The scheme allows even less experienced cyber criminals to use the malware: with a dedicated tool, they can quickly and easily launch attacks against multiple targets. In return, the creators of the malicious code keep 30% of each ransom as compensation for the "rent" of the ransomware. Moreover, to maximize profits, the creators of the code have entered into several partnerships with other cybercrime groups that specialize in other services.