New GandCrab Ransomware Variant Encrypts Files Super Fast

GandCrab emerged onto the scene back in January. And similar to many ransomware programs, it underwent some changes. Now, there are new wrinkles that promise to challenge even the most vigilant observers.

How Does GandCrab Ransomware Work?

GandCrab is a different cat altogether. Normally, ransomware infects devices via spam email. This is where you’ll receive a message enticing you to click on a link to access “important messages” from your bank, aunt or post office. Once that loads, the malware goes to town, feasting on your files.

This isn’t the case with GandCrab. This ransomware uses two different exploit kits. Similar to its name, the ransomware targets vulnerabilities in a system such as Internet Explorer or Flash then uses these weaknesses as distribution points for its malware. This is the RIG exploit kit method.

Another method concerns the GrandSoft exploit kit, which works by discovering vulnerabilities in the Java Runtime Environment. From there, the hackers can issue remote attacks with execution codes that encrypt files and demand payment before releasing them back to the user.

Illustration by Pixabay

GandCrab’s New Variants

One of the ways hackers continue to perfect their craft is through regular updates of their malware programs and GandCrab is no different in this regard. Fortinet researchers uncovered a change in the ransomware’s code structure.

What does this mean? ZDNet reports the ransomware now runs on a Salsa20 steam cipher, meaning it can encrypt data much quicker than previous versions.

Another new wrinkle is the method of attack. Now, hackers are targeting WordPress websites. When visiting WordPress, a user might receive a request to download system tools via links, according to a ZDNet report. If the user clicks on the links, it downloads the malware onto their device, rendering their files inaccessible. You’ll know if you’re infected because the ransomware encrypts the files and codes them with the KRAB extension.

To prevent this code from holding your files hostage, it’s important to think before acting. Normal WordPress websites won’t ask you to download system tools or anything related to it. It’s similar to visiting ESPN or HGTV’s websites, where you might encounter ads but that should be all.

Moreover, it’s an important rule of thumb to avoid clicking on hyperlinks which originate from an unknown source. Similar to refraining from clicking on email attachments from unknown senders, exercise caution when receiving requests to download files via hyperlinks. If you didn’t initiate it (software updates) then it’s best to ignore it.

What Happens if My Files Are Locked?

Losing access to files due to ransomware can be frustrating. However, know there are solutions available. Instead of paying hackers who might or might not return data access, entrust the team at Salvage Data. Our technicians can recover your files from corrupted devices with expedient service that’s affordable and informative.

We are proud to offer a free, no-obligation quote from which you’ll receive all the solutions available to you. It’s a risk-free way of discovering how we can help you regain access to your files. Contact us today to take the first step towards recovering your data!