
Scam of the Week – GandCrab Ransomware

GandCrab, one of the most aggressive forms of ransomware to be seen this year, is the latest to make our scam of the week.

The newly engineered ransomware is being promoted to cybercriminals on the dark web as ransomware-as-a-service (RaaS). GandCrab is developed in such a way that anybody can buy it online through the dark web.

Once purchased, the buyer becomes a member of the extended GandCrab network and any money made through victimising unsuspecting users is split between the developers and buyers on a 60:40 ratio.

The buyers, however, have the option to increase their share up to 70 percent if they can breach a larger number of computers successfully. The scam has proved so lucrative to cybercriminals that they've even released a video on YouTube taking the buyers through the ransomware setup process.

Interestingly, there are few restrictions on where the users can operate, but they are prohibited from targeting citizens of countries in the former Soviet Union. This is most likely a result of the developers and the servers being located in these countries.

The ransomware works by infecting a victim's computer via "The HoeflerText font wasn't found" pop-ups. Once the ransomware is delivered, it starts encrypting data and locks files by appending the .GDCB file extension to each of them.

It also creates a GDCB-DECRYPT.txt file as a ransom note, which instructs the victim to pay a ransom of 1.54 DASH and to contact the developers via a [random_name]@cdkconstruction.org email address. The virus is also distributed through malicious emails that contain a PDF or DOC file, which creates an exploit file (sct5.txt).
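A triage sweep for the two on-disk indicators named above, the .GDCB extension and the GDCB-DECRYPT.txt note, added here as an example and not taken from the original post. The function names are hypothetical and the sample folder tree is constructed for the demonstration.

```python
import os
import sys
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".gdcb"            # extension added to locked files (from the post)
RANSOM_NOTE = "gdcb-decrypt.txt"   # ransom note file name (from the post)


def sweep(root):
    """Return {directory: {"encrypted": [...], "notes": [...]}} for affected dirs only."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    def warn(err):  # os.walk hides unreadable directories unless told otherwise
        print(f"unreadable: {err}", file=sys.stderr)
    for dirpath, _dirs, files in os.walk(root, onerror=warn):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE:
                hits[dirpath]["notes"].append(name)
            elif lowered.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)


def summarize(hits):
    """Note plus locked files is a strong signal; either one alone is weaker."""
    def verdict(found):
        if found["notes"] and found["encrypted"]:
            return "likely-encrypted"
        return "locked-files-only" if found["encrypted"] else "note-only"
    return {directory: verdict(found) for directory, found in hits.items()}


def build_sample_tree(base):
    """Constructed sample data: an affected folder, a clean folder, a stray note."""
    for rel in ("docs/report.docx.GDCB", "docs/budget.xlsx.GDCB", "docs/GDCB-DECRYPT.txt",
                "clean/notes.txt", "desktop/gdcb-decrypt.TXT"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tmp)
        for directory, verdict in sorted(summarize(sweep(root)).items()):
            print(f"{verdict:18} {directory}")
```

The two names checked are the ones this post gives, so an empty result only means those names were not found under the scanned folder.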

There are, however, a number of steps you can take to protect yourself from getting infected by the GandCrab ransomware. Never download PDF documents from someone you are not familiar with, avoid websites you have unknowingly been directed to, don’t click on suspicious links and regularly update your anti-virus software.
