Security professionals have been trying to stay ahead of GandCrab. It has evolved to it’s 5th version and has potentially become 2018’s most prolific ransomware. Unfortunately, the criminals behind it continue to experiment with new features.
Researchers announced the discovery of GandCrab v5 recently (September 2018), the latest major update to a strain of ransomware that has gained significant traction in the criminal community this year.
GandCrab appeared in late January and the ransomware found success almost immediately, infecting more than 50,000 victims in less than a month. The success also earned the group the attention of the authorities, however, and in late February a collaboration between Bitdefender, Europol, and the Romanian Police resulted in the seizure of command-and-control servers and the release of a decryption tool victims could use to recover their encrypted files.
The raid was unfortunately just a minor setback. Within a week the GandCrab v2 was released, rendering the decryption tool ineffective.
GandCrab authors would continue iterating from there, consistently making tweaks, issuing updates, and fixing bugs on a regular basis. Thanks in part to this “agile” approach, GandCrab has managed to stay one step ahead of many traditional security solutions and gain widespread popularity amongst criminals who rent it out for use in their own campaigns.
GandCrab v5 was discovered on September 24, but, true to form, its authors busily spent the next week working out kinks and making minor changes, resulting in version 5.0.4 appearing by October 2.
Security researchers have noticed the ransomware appeared to be attempting to incorporate the same exploit code for the Windows Task Scheduler ALPC zero-day vulnerability. This exploit can give GandCrab elevated privileges once the ransomware is installed on infected machines. Microsoft released a fix for the vulnerability as part of its September 2018 updates. If they haven’t already, organizations are advised to patch to mitigate that specific threat as soon as possible.
Stay ahead of the cybercriminals by hiring a professional managed services firm like CCNY Tech. We can keep your hardware running great and your operating system safer from vulnerabilities. Let us setup proper backups, failovers to keep you up and running. We also monitor your systems and keep all your systems updated to stay ahead of problems. Give us a call at 1-800-566-4786 or visit ccnytech.com to get started.