The notorious GandCrab ransomware has been updated to a new version, 4.1, which uses a worm-based attack that targets older servers and machines running Windows.
The GandCrab developers have gotten smarter and have started pushing their nasty ransomware virus to Windows XP and older server versions. The trick is to use a well-known SMB vulnerability to target those operating systems for one reason: Microsoft no longer regards them as eligible for security updates and support.
The GandCrab 4.1 Variant Uses Different Encryption Than Before
GandCrab ransomware, which first became active in January 2018, has swiftly risen to become one of the most popular ransomware viruses in the world. The ransomware is also constantly updated and released on the dark web by its developers. In addition, the latest version of the virus uses the Salsa20 algorithm, which is way faster than the traditional RSA-2048 that was originally used by the virus in its predecessor variants. The Salsa20 cipher is well known in the cyber-security world, primarily because it was used by the notorious Petya ransomware virus.
The new version of GandCrab also infects victims via more than one obfuscated method. It uses compromised WordPress sites to deliver its malware. The hackers are also very swift: they update their download URLs often in order to keep pushing the malware despite antivirus software blocking it. In addition, malicious e-mail spam messages should also be considered, as they were used by all of GandCrab's previous versions and amount to over 80% of malware infections over the (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/gandcrab-ransomware-updated-now-targets-windows-xp-server-pcs/