A new ransomware program has appeared that infects victims' computers when they download infected PDF files. Before going into detail, BTCManager reminds all readers to exercise maximum caution when downloading PDF files received from unknown senders.
What is GandCrab?
The emerging threat came under the spotlight after LMNTRIX, an Australian information security company, published a report in February 2018 describing a new ransomware strain that received the name "GandCrab". The malware is distributed on the darknet as a means of extortion and a tool for cybercriminals. Its advertising materials are written in Russian, the information security specialists added.
If the term ransomware does not ring a bell yet, it is time to look at this security risk in more detail. Although the program is rather new, it represents one of the worst forms of malicious software you risk encountering.
When a computer is infected, ransomware encrypts the contents of its disks, making them inaccessible. The only way the victim can hope to regain access to the content is to pay a ransom to the criminals.
According to the LMNTRIX report, GandCrab is built so that anyone can buy it online on the darknet. Once they buy it, the buyer becomes a member of GandCrab's distributed network. All money paid by ransomware victims is then split between the developers and the users of the ransomware in a 60:40 ratio. Members can, however, increase their share to 70 percent if they manage to infect a larger number of computers successfully.
However, several conditions must be met before affiliates can begin operating. To use the ransomware and earn money, participants must register on the network and submit an application. In addition, network members are forbidden to use the software against users in the countries of the former Soviet Union, including the Commonwealth of Independent States (CIS).
How does GandCrab work?
The LMNTRIX report says that GandCrab uses the RIG and GrandSoft exploit kits to spread and to attack target computers. This is somewhat unusual, given that these exploit kits are traditionally associated with malicious hacking applications such as trojans and cryptocurrency miners.
In the past, there were no reports of other ransomware built around exploit kits. It is even more surprising that GandCrab relies on exploit kits that were previously believed to have fallen out of use.
Among other things, the LMNTRIX report also states that the ransomware's servers use the .bit domain zone. This detail is important because the .bit domain is not part of the traditional ICANN DNS, and domains in this zone can be purchased only with cryptocurrency. According to unofficial information, the cryptocurrency used is Dash, a preferred choice when greater anonymity is needed.
Each Dash coin is worth about 740 US dollars. The ransom demanded by GandCrab is 1.5 tokens, which equals approximately 1100 US dollars. If the victim does not pay the ransom by the deadline, the amount doubles.
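A defensive check that follows from the .bit detail above, as an added example that is not part of the LMNTRIX report or this article: since .bit is outside the ICANN DNS, clients that look up .bit names can be picked out of resolver logs. The log lines are constructed in dnsmasq `log-queries` style, and the hostnames, addresses and function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in dnsmasq "log-queries" style (not real traffic;
# hostnames and addresses are placeholders).
SAMPLE_LOG = """\
Feb  1 10:15:01 gw dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Feb  1 10:15:02 gw dnsmasq[812]: query[A] c2-placeholder.bit from 192.168.1.37
Feb  1 10:15:02 gw dnsmasq[812]: query[AAAA] C2-Placeholder.BIT. from 192.168.1.37
Feb  1 10:15:09 gw dnsmasq[812]: query[A] bit.example.org from 192.168.1.20
Feb  1 10:15:11 gw dnsmasq[812]: query[A] other-placeholder.bit from 192.168.1.41
Feb  1 10:15:12 gw dnsmasq[812]: reply www.example.com is 192.0.2.10
"""

QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

def normalize(name):
    """Lower-case and drop the trailing root dot so variants compare equal."""
    return name.rstrip(".").lower()

def is_bit_domain(name):
    """True only when the top-level label is 'bit' (bit.example.org is not)."""
    labels = normalize(name).split(".")
    return len(labels) >= 2 and labels[-1] == "bit"

def find_bit_lookups(log_text):
    """Return {client_ip: sorted list of distinct .bit names it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_bit_domain(m.group("name")):
            hits[m.group("client")].add(normalize(m.group("name")))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in sorted(find_bit_lookups(SAMPLE_LOG).items()):
        print(f"{client} queried non-ICANN .bit names: {', '.join(names)}")
```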