The operators of GandCrab ransomware are continuously maintaining and developing it and have released five different variants, with no major difference between any two versions. The ransomware is known to be extra secure, as it uses the “.bit” top-level domain, which is not sanctioned by ICANN.
GandCrab was distributed via various vectors, including exploit kits, spam mail, affiliated malware campaigns and other social engineering methods. Along with plenty of malicious spam emails, the attackers resort to ‘GrandSoft’ and ‘RIG’, two of the most popular exploit kits, to distribute GandCrab. The spam emails are crafted to fool users into downloading a script, which in turn downloads the ransomware and executes it.
Researchers have found that GandCrab authors have made over $2 billion from ransom payments, averaging around 2.5 million dollars per week. According to observations made by David Montenegro and Damian, the owners of the ransomware said that they are putting an end to their operations now, after earning huge sums of money (more than 150 million dollars a year) and cashing it out through legitimate sources.
The operators have discontinued promotion of the ransomware and asked the affiliates concerned to terminate its distribution within the next 20 days. They have also asked victims to pay the ransom; otherwise, the key will be deleted. However, it is still an open question whether the keys will be released after the authors shut down their operations.
Although ransomware has been a constant threat in the field of cybersecurity for a long time, it is now even deadlier due to the efforts invested by threat actors in its development. Users are advised to stay equipped with products like ‘Acronis True Image 2019’ in order to stay protected against such ransomware attacks.