Print Friendly, PDF & Email

BtCIRT has been recently reported of few instance of system files being encrypted by a ransomware family called GandCrab, therefore we urge all users to be alerted and take precaution.

1. Description:

GandCrab is a Ransomware   that encrypts almost all file types on affected system with a ransom message displayed insisting to make payment using crypto currency to decrypt the data.

2.  Distribution mechanism:  

Email attachment , cracked softwares, websites, fake software updaters, trojans, exploit kits  and untrustworthy software download sites are some of the means used to infect and then exploit vulnerabilities in installed, outdated softwares of the target machine.

3. Systems Affected : Windows XP, 7,8,10

4. Protection:

    1. Always backup data you cannot afford to lose.
    2. Keep all your softwares updated.
    3. Do Not open links and attachments in email unless you are expecting it, even when it appears to be from someone you know.
    4. Download softwares from trustworthy legitimate  source only, and never never use cracked softwares.
    5. Update softwares using the tools provided by the developer and not by any other means.
    6. Have an antivirus installed, enabled  and updated
    7. Ensure that programs and users of the computer are given the lowest level of privileges necessary for operation.
    8. Immediately disconnect  compromised system from the network  to prevent threats from spreading further.
    9. Disable Microsoft office Macros unless it is required

5. Decryption:

Luckily  Decrypt Tool   is available for  GandCrab (V1, V4 and V5 up to V5.1 versions) and HowToGuide  is also provided by nomoreransom project .

For  most of the recent ransomware, decryption is impossible without the involvement of the criminals but paying a ransom is not at all recommended, by doing this you are trusting the criminals and empowering them to commit more crime.

Your first step should be obtaining a full copy of data on encrypted system since security researchers are working everyday to develop decryption tools.

Reference:

  1. https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/
  2. https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/gandcrab-ransomware-puts-the-pinch-on-victims/
  3. https://www.symantec.com/security-center/writeup/2018-013106-5656-99
  4. https://blog.malwarebytes.com/detections/ransom-gandcrab/