Beware of a New Ransomware Variant - GandCrab Ransomware

What is GandCrab ransomware?

Discovered on January 26, 2018, by researcher David Montenegro, GandCrab ransomware is becoming the third most prominent ransomware variant in the world of internet security. GandCrab Ransomware infects your entire system and uses various programs and scanning methods to find out the weaknesses of your computer system. The nefarious ransomware developers are putting in a lot of effort in designing more devastating using more sophisticated techniques deployed by software development companies.

How does GandCrab Ransomware spread?

Like other ransomware variants, GandCrab ransomware also finds its way into your computer through spam emails, messages or feeds on social media. These messages tempt the users to click on the messages or open emails and install the infected software on their system unknowingly. Once installed, the software triggers the installation of ransomware on your system and then starts encrypting files on the system.

How to identify GandCrab Ransomware?

GandCrab ransomware infected over 50,000 victims and earned more than $600,000 in the months of January and February this year. What makes this new ransomware variant from other ransomware is the way it has been developed and designed. Its development is more or less similar to the Agile development discipline implemented in today’s enterprise development shops.

The GandCrab ransomware comes disguised as a .doc file attached to a spam email. Therefore, before opening any unsolicited email, make sure your first check for the web addresses or email sources. Presently, the GandCrab ransomware can only spread via .doc files, so be vigilant enough to check for files with a .doc extension in spam emails or on social media sites.

This new ransomware variant relaunches itself at random intervals using the following command “C:\Windows\system32\wbem\wmic.exe” which creates “cmd /c start %Temp%/[launched_file_name].exe”. This keeps popping up until the user accepts the UAC prompt and presses “Yes”. After all your files are encrypted, you will find a ransom note named as “GDCB-DECRYPT.txt” on your entire system.

The GandCrab ransomware developers demand a ransom in DASH, a new crypto-currency entrant in the world of cybercrime from the users in exchange for the decryptor. These ransomware developers target people having less technical knowledge and skill so that they could pay the ransom out of fear of losing their vital business or personal data.

Defending GandCrab Ransomware

Currently, there is no strong defence developed to decrypt the files encrypted by GandCrab ransomware. Therefore, do not take any undesired action out of fear by making the payment even if the ransomware warns you of the upcoming deadline for making the payment. Before paying the ransom to the cybercrooks, make sure you do additional research on this issue.

In addition, keep all your software and browsers up-to-date. Protect your computer with a powerful all in one PC security software that offers risk-free antivirus protection against ransomware. If you suspect ransomware having infected your system or if you realize that you have accidentally downloaded a .doc file on your computer, disconnect your computer from the internet at once. This can help you save your files from being encrypted. However, when the internet connection is restored, the ransomware will automatically connect to its web server and resume file encryption.