GandCrab V4.1 Ransomware Collecting New Victims in Legitimate Websites

The world has a new global ransomware threat that has the potential to be as big as WannaCry and Petya. Immediately after the 4th version of the “GandCrab” ransomware was discovered, security experts reported the detection of version 4.1. While the 4th version of the malware has been spreading with the help of malicious pages injected into legitimate sites, this new version is using numerous compromised websites presenting themselves as sources for software vulnerabilities.

It is also important to note that this ransomware uses a network communication feature to send encrypted victim data to its developers. According to cyber-security experts, the names of the sites used for this type of communication are set using a seemingly random algorithm that selects predetermined words and joins them into a sequence. Sets of words are chosen from a pre-defined list, and the final URL is formed in the format “www.{host}.com/word1/word2/fname.extension”. After connecting to the newly set URL, GandCrab sends encrypted data, including the victim’s IP address, username, operating system and so on, leaving a wake of destruction in its path. It is suspected that the malware might also use an SMB (Server Message Block) exploit, making the attack similar to the WannaCry and Petya ransomware attacks which used EternalBlue last year.
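For defenders, the URL format described above can be turned into a proxy-log check. The following is an added example, not code from the original article or from any vendor: the word lists, site names, log format ("client method url") and the assumption that the upload appears as a POST request are all constructed placeholders for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Placeholder word lists, constructed for this example (NOT GandCrab's real
# lists); replace them with values from a vetted threat-intelligence report.
WORD1 = {"alpha", "bravo"}
WORD2 = {"charlie", "delta"}

HOST_RE = re.compile(r"^www\.[a-z0-9-]+\.com$")
PATH_RE = re.compile(r"^/([^/]+)/([^/]+)/[^/.]+\.[A-Za-z0-9]+$")

def split_url(url):
    """Return (lowercased host, path); tolerate URLs logged without a scheme."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.path

def matches_pattern(url):
    """True for www.{host}.com/word1/word2/fname.extension with listed words."""
    host, path = split_url(url)
    m = PATH_RE.match(path)
    if not m or not HOST_RE.match(host):
        return False
    return m.group(1).lower() in WORD1 and m.group(2).lower() in WORD2

def suspicious_clients(log_lines, min_hosts=2, methods=("POST",)):
    """Map each client to the sites it hit with the pattern, keeping only
    clients that reached at least min_hosts distinct sites.
    Assumption: the data upload is logged as a POST request."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        client, method, url = fields
        if method.upper() in methods and matches_pattern(url):
            hits[client].add(split_url(url)[0])
    return {c: sorted(h) for c, h in hits.items() if len(h) >= min_hosts}

# Constructed proxy log lines in the assumed format "client method url".
SAMPLE_LOG = [
    "10.0.0.5 POST http://www.site-one-demo.com/alpha/charlie/img.jpg",
    "10.0.0.5 POST www.site-two-demo.com/bravo/delta/pic.png",
    "10.0.0.7 GET http://www.site-one-demo.com/alpha/charlie/img.jpg",
    "10.0.0.8 POST http://www.site-one-demo.com/news/2018/index.html",
    "10.0.0.9 POST http://www.site-one-demo.com/alpha/delta/a.bmp",
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

Requiring several distinct sites per client keeps a single coincidental match on an ordinary website from raising an alert.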

Patching Can Help If It's Done In Time 

In this case, patching cannot be ignored, as exploited vulnerabilities or flaws can lead to the infiltration of malware. Besides, downloading vulnerability patches can eliminate specific bugs, improve the stability of the operating system and fix security issues. Patching is an essential preventative measure for keeping machines up to date and safe from threats. The problem is that most people are unaware of the patches available or they ignore the prompts. There is also the risk that employees’ devices aren’t being patched in time.

Most cyber attacks take advantage of these hardware or software issues, which is why patching is needed. This also means that updating software can help in prevention. Unfortunately, unpatched software can become a magnet for malware and cause a lot of damage.

There have been many instances where even the OS companies analyzed these issues, along with information about trends in how equipment is updated. Expired antivirus software can be one of the most exploited vulnerabilities. People are not always careful about protecting their machines. The more different security software you use, the less likely you are to get a cyber infection. It can also be as simple as a backup PC or laptop that is only used temporarily and has not been patched or updated.

If you would like more information about how to avoid the risks and would like to know if you are at risk, contact us for a free risk assessment.