Scam of the Week – GandCrab Ransomware

March 29, 2018 11:14 am Geraldine Strawbridge

Scam of the Week – GandCrab Ransomware

GandCrab, one of the most aggressive forms of ransomware to be seen this year is the latest to make our scam of the week.

The newly engineered ransomware is being promoted on the dark web as a ransomware-as-a-service (RAAS) to cybercriminals. GandCrab is developed in such a way that anybody can buy it online through the dark web.

Once purchased, the buyer becomes a member of the extended GandCrab network and any money made through victimising unsuspecting users is split between the developers and buyers on a 60:40 ratio.

The buyers, however, have the option to increase their shares up to 70 percent if they can breach a larger number of computers successfully. The scam has proved so lucrative to cybercriminals that they’ve even released a video on YouTube taking the buyers through the ransomware set up process.

Interestingly, there are few restrictions on where the users can operate, and they are prohibited from targeting citizens of countries in the former Soviet Union. This is most likely a result of the developers and the servers being located in these countries.

The ransomware works by infecting a victim’s computer via “The HoeflerText font wasn’t found” pop-ups. Once the ransomware is delivered, it starts data encryption and locks file types by opening the .GDCB file extension to each of them.

It also creates a GDCB-DECRYPT.txt file as a ransom note. It instructs the victim to pay 1.54 DASH ransom and instructs them to contact the developers via [random_name)@cdkconstruction.org email address. The virus is also distributed through malicious emails that contain a PDF or DOC, which creates an exploit file (sct5.txt).

There are, however, a number of steps you can take to protect yourself from getting infected by the GandCrab ransomware. Never download PDF documents from someone you are not familiar with, avoid websites you have unknowingly been directed to, don’t click on suspicious links and regularly update your anti-virus software.

For more information on how Metacompliance can help protect you online, click here