OMG! This New Ransomware Has 'Never-Before-Seen' Features

A new ransomware has recently been released with peculiarities that set it apart from other severe ransomware. It is distributed through exploit kits, and some of its features have not been used before by any similar malware.


A new ransomware called GandCrab was released recently, and it has peculiarities that so far make it unique. It is distributed through exploit kits. Some of its features have not been used before by any similar malware.

GandCrab, the first ransomware using DASH

One of these peculiarities is that it is the first ransomware to accept the DASH cryptocurrency. We recently saw cybercriminals set Bitcoin aside as the way to take payment from victims they had infected with ransomware.

On this occasion, GandCrab's operators demand the ransom in DASH. This is one of the many cryptocurrencies available today, and one of those hovering around the top 10 by capitalization.

DASH was built with privacy as a goal. That makes it much more difficult for the police to trace, which favours its use by cybercriminals.

As we know, ransomware encrypts the files and folders of a computer. In return for releasing them, the cybercriminal demands a ransom. In many cases this ransom is paid in a cryptocurrency: Bitcoin or, in this case, DASH.

Recently we also saw the case of HC7, the first ransomware that used Ethereum as a payment method.

Returning to GandCrab, it was discovered by security researcher David Montenegro. The researchers quickly came together to analyze the ransomware and publish their results on Twitter. Unfortunately, at this time there is no way to decrypt files encrypted by GandCrab for free.

Advertising campaign

According to the information given by the researchers, GandCrab is currently being distributed through a malicious advertising campaign called Seamless, which then sends visitors to the RIG exploit kit. This kit tries to exploit vulnerabilities in the visitor's software to install GandCrab without their permission.

Another interesting and novel feature is GandCrab's use of NameCoin's .BIT top-level domain. It is not a TLD recognized by the Internet Corporation for Assigned Names and Numbers; instead it is managed by NameCoin's decentralized domain name system.

This means that any software that wants to resolve a domain name under the .BIT TLD must use a DNS server that supports it. GandCrab does this by sending its DNS queries to the server a.dnspod.com, which is accessible on the Internet and can also be used to resolve .bit domains.

GandCrab uses these .bit domains as addresses for its command and control servers.

The GandCrab developers use the NameCoin DNS because it makes it difficult for law enforcement to track the domain owner and take the domains down.
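
This resolution behaviour leaves traces in DNS logs that a defender can look for. The sketch below is an added example, not code from the article or the researchers: it flags queries for .bit names, lookups of a.dnspod.com, and queries sent to a resolver outside an allow-list. The log format, IP addresses, .bit names and the allow-list are constructed assumptions.

```python
# Constructed sample DNS query log (not real telemetry).
# Assumed format: timestamp client_ip resolver_ip qname qtype
SAMPLE_LOG = """\
2018-01-29T10:00:01Z 10.0.0.21 10.0.0.53 www.example.com. A
2018-01-29T10:00:02Z 10.0.0.34 10.0.0.53 a.dnspod.com A
2018-01-29T10:00:03Z 10.0.0.34 198.51.100.7 Constructed-C2.BIT. A
2018-01-29T10:00:04Z 10.0.0.21 10.0.0.53 rabbit.example.com A
2018-01-29T10:00:05Z 10.0.0.21 10.0.0.53 files.bit.example.org A
2018-01-29T10:00:06Z 10.0.0.40 10.0.0.53 constructed-name.bit A
truncated line
"""

ALLOWED_RESOLVERS = {"10.0.0.53"}          # assumption: the only sanctioned resolver
WATCHED_RESOLVER_NAMES = {"a.dnspod.com"}  # the resolver named in the article


def classify(line):
    """Return (client, qname, reasons) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, client, resolver, qname, _qtype = parts
    name = qname.rstrip(".").lower()  # drop the root dot and fold case
    reasons = []
    # Only the last label counts: rabbit.example.com and x.bit.example.org are not .bit
    if name.rsplit(".", 1)[-1] == "bit":
        reasons.append("bit-tld")
    if name in WATCHED_RESOLVER_NAMES:
        reasons.append("resolver-lookup")
    if resolver not in ALLOWED_RESOLVERS:
        reasons.append("unsanctioned-resolver")
    return client, name, reasons


def scan(log_text):
    """Return the flagged (client, qname, reasons) tuples in log order."""
    hits = []
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[2]:
            hits.append(result)
    return hits


if __name__ == "__main__":
    for client, name, reasons in scan(SAMPLE_LOG):
        print(client, name, ",".join(reasons))
```

A .bit query that reaches the sanctioned resolver will normally fail to resolve, but it is still worth flagging because ordinary software rarely asks for that TLD.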

As we always say, the best protection against ransomware is to make frequent backups. Common sense is also important, since most malware of this type requires user interaction. Security programs and tools are vital for coping with threats that endanger the proper functioning of our equipment.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.
