A new version of GandCrab ransomware has appeared, and it is more dangerous than ever.
The ransomware's TOR website contains a hidden private chat, which can be enabled using discount codes.
This helps data recovery companies hide the cost of the GandCrab ransomware decryption process from their customers.
The new version of the GandCrab ransomware was released within 24 hours of the release of the free decryption tool for versions 5.0 – 5.0.3. The tool had been developed only a few months earlier, and before it was scheduled for public release, the new version of the GandCrab ransomware emerged, more dangerous than ever. The new version that was released was GandCrab v5.1.
According to an extensive report from Coveware, the new version of GandCrab comes with a variety of distribution changes and UX updates to the GandCrab TOR sites.
Distribution Techniques and Multiple attack vectors:
According to the researchers, the main attack vector of the ransomware remains RDP ports, but GandCrab also uses other distribution methods. Although RDP-based ransomware attacks are the most popular, automated attacks using exploit kits such as Emotet, Fallout EK or credential stealers like Vidar have also been connected to GandCrab ransomware infections.
Using widely available toolkits, the ransomware developers have increased the size of GandCrab ransomware.
Private Chat which is Hidden:
The GandCrab ransomware's TOR website has a hidden private chat window, which can be enabled using the discount codes provided. This hidden chat window helps deceitful data recovery companies hide the final price of the decryption process from their customers in their chats with GandCrab support.
The discount codes are requested in the chat; however, they can only be activated on the targeted systems.
Once a discount code is entered, the discounted price and the discount percentage are shown to the user. The discount codes range from 5-20%, depending on the ransom asked. These are fake discount codes, and they hide the original price of the decryption process.
After the codes are entered, the payment process remains the same as in GandCrab v5.1; however, affected users have to pay the ransom in Dash instead of Bitcoin. The wallet address is unique for each page, and it is rigged to trigger an updated screen on the TOR website when the right amount of coins is transferred into the wallet.
Ransomware attacks are increasing day by day, and innocent users are becoming victims. Every day, users are getting infected by ransomware, and with the continuous upgrading of ransomware infections, it is becoming very hard to decrypt the files that are encrypted by the ransomware.