New Gandcrab 5 Strains Distributed As Ransomware-as-A-Service

The GandCrab 5 ransomware strains that were recently released by different hacker collective as ransomware-as-a-service. The available research shows that the developers behind them are probably offering them as in the underground markets in this form.

Gandcrab 5 Ransomware Used In RaaS Attacks Against Targets Worldwide

Research around the recently released GandCrab 5 ransomware has led the experts to believe into believing that the new samples are being delivered as a “ransomware-as-a-service” (RaaS) malware. This is a popular threat which was being used in targeted worldwide attacks and in a relatively short time frame was able to compromise thousands of networks and computers — both to individual users, companies and large businesses. Following the hackers movements it was discovered that the operators behind the attacks are partnering with a malware crypting service called NTCrypt. This is a malicious tool that is used to enhance the malicious code and make them more difficult to remove. It adds an extra layer of stealth protection — it seeks to find security software by looking out for their specific strings. The discovered apps will have their engines bypassed or entirely removed.

According to the experts this has led to the added exposure of the GandCrab 5 ransomware and fostered the creation of its many variants. Evidence of this is the announced competition of by the GandCrab 5 hackers before settling on NTCrypt.

Another reason for the success of the virus infections is the marketing approach undertaken by the virus operators. The use of several exploit kits and the large-scale intrusions and targeted campaigns has led to heightened demands of the core ransomware samples. There are multiple ways that the compromised machines are being attacked:

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Martin Beltov. Read the original post at: