Killswitch File Now Available for GandCrab v4.1.2 Ransomware

The South Korean company Ahnlab has developed a killswitch for the latest version of the virus, which calls itself v4.1.2. The killswitch causes the ransomware to stop functioning.

Ahnlab has reportedly analyzed internal version 4.1.2 of GandCrab ransomware, which is part of the 4.1 version and uses the .KRAB file extension after file encryption. The researchers then designed an app that works as a defensive measure and can be dropped on users’ computers before they become infected with GandCrab 4.1.2. For the defense tactic to work, you will need to get the file, which has a string in its name and has the .lock file extension. Such .lock files are essential to GandCrab’s way of operation, and here are the steps in which they are created:

Step 1: GandCrab 4.1.2 infects your computer and encrypts your files.
Step 2: The virus creates a .lock file with a mutex, which it scans for in order to compare the file to the .lock files of other infected computers.
Step 3: If the .lock file already belongs to GandCrab’s list of infected computers, the virus shuts down and doesn’t encrypt anything, to prevent double encryption and infection from taking place.

Researchers have cleverly devised such a .lock file, which acts as a killswitch, and the whole app can be downloaded from the following link (also available on asec.ahnlab.com/1145):

IMPORTANT NOTICE! Your antivirus may detect the killswitch as a virus, but it is also available on Ahnlab’s research site above, and we believe that the file can be trusted because it is not an actual GandCrab but merely a method used to prevent the actual threat. Be advised to disable your antivirus and anti-malware software before downloading the file.

After downloading the file, (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/killswitch-file-now-available-gandcrab-v4-1-2-ransomware/