GandCrab2 Ransomware
Posted: March 6, 2018
Threat Metric
| Threat Level: | 6/10 |
|---|---|
| Infected PCs: | 61 |
| First Seen: | October 10, 2024 |
| OS(es) Affected: | Windows |
The GandCrab2 Ransomware is a file-locking Trojan that uses encryption to block different formats of media. These attacks also include ransom instructions from threat actors demanding money for the decryption solution that unblocks your files. Previous versions of the GandCrab2 Ransomware, such as the GandCrab Ransomware, are decryptable by free software, although malware experts have yet to determine the compatibility of these solutions with the GandCrab2 Ransomware. Keep backups of your work to eliminate this danger, and use anti-malware software to uninstall the GandCrab2 Ransomware.
File-Pinching Crabs Evolving with the Times
As freeware options for recovering the files that Trojans try to hold hostage appear, threat actors can respond by either switching or updating their threats, although the latter isn't always effective. The previously invalidated GandCrab Ransomware, which is notable for preferring Dash over the more traditional Bitcoin for payments, now has a new variant whose encryption is, in theory, more secure than its predecessor's. Although the first GandCrab has already seen version releases of up to 2.3, this landmark update is identifiable as the GandCrab2 Ransomware.
The GandCrab2 Ransomware still asks for Dash cryptocurrency for recovering your locked files, but there are changes to some of its superficial and even more baseline characteristics. The threat actors deliver a different ransom note ('CRAB-DECRYPT.txt'), append the extension '.CRAB' to the ends of the file names, and provide links to a different TOR-anonymized website for the details of the ransom transactions. These are the types of changes most typical of Ransomware-as-a-Service families that rent their Trojans out to other threat actors.
The GandCrab2 Ransomware's multinational campaign keeps its basis of using non-consensual encryption for the locking of the victim's files. Expected targets of such attacks usually include Word or Adobe documents, other Microsoft Office media, different formats of pictures, archives, and music or audio. Malware analysts have yet to confirm whether the GandCrab2 Ransomware's new encryption routine is unbreakable, although its authors are promoting this update with the intention of invalidating previous freeware decryptors.
Keeping Your Software from Being a Little Crabby
Restoring any files that the GandCrab2 Ransomware locks should always go through free solutions before any consideration of paying the ransom, which the cybercrooks can accept without giving the victim a real decryption application. When testing free decryption programs, malware experts advise copying your locked files first, in case the decryptor causes unintentional data corruption and renders a file unrecoverable. Secure backups, such as a cloud storage service, are the preferred means of defending media against file-locking Trojans.
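The ransom note name and the '.CRAB' extension described above give a defender two file-system indicators to inventory, and the advice to copy locked files before testing a decryptor can be scripted with them. The following Python is an added example, not code from this article or its publisher; the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

LOCKED_EXT = ".crab"              # '.CRAB' extension named in the article
RANSOM_NOTE = "crab-decrypt.txt"  # 'CRAB-DECRYPT.txt' note named in the article

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(root):
    """Return (locked_files, note_dirs) under root; names match case-insensitively."""
    locked, note_dirs = [], set()
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        name = p.name.lower()
        if name == RANSOM_NOTE:
            note_dirs.add(p.parent)
        elif name.endswith(LOCKED_EXT):
            locked.append(p)
    return sorted(locked), sorted(note_dirs)

def preserve(root, dest):
    """Copy each locked file to dest (outside root), keeping the layout, and
    verify the copy by SHA-256. Returns {relative_path: digest}."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    if dest == root or root in dest.parents:
        raise ValueError("dest must be outside the scanned tree")
    manifest = {}
    for src in inventory(root)[0]:
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)      # originals are only read, never modified
        digest = sha256_of(src)
        if sha256_of(target) != digest:
            raise OSError(f"copy of {rel} differs from the original")
        manifest[rel.as_posix()] = digest
    return manifest

if __name__ == "__main__":
    # Constructed sample tree; file contents are placeholders, not real samples.
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp, "docs"), Path(tmp, "preserved")
        (root / "photos").mkdir(parents=True)
        (root / "report.docx.CRAB").write_bytes(b"constructed-1")
        (root / "photos" / "img.jpg.crab").write_bytes(b"constructed-2")
        (root / "CRAB-DECRYPT.txt").write_text("constructed note")
        print(inventory(root)[1], preserve(root, dest))
```

Run any decryptor against the preserved copies only, and keep the manifest so a corrupted attempt can be detected by comparing hashes.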
While the GandCrab2 Ransomware's small family is significant for its wide geographical spread, malware experts can't completely predict all of its infection vectors. E-mail attachments and brute-force attacks against networks with improper password management are two of the strategies that threat actors employ against a government, NGO or corporate target. Recreational PC owners are more likely to compromise their PCs by browsing unsafe websites or downloading compromised torrents. Anti-malware programs should be capable of deleting the GandCrab2 Ransomware safely, as long as they were adequately accurate against the first GandCrab Ransomware.
Thanks to some cybercrooks who also have a real work ethic, what works for 'fixing' a Trojan problem may not be pertinent a week afterward. Taking decryption for granted is a poor excuse for not backing up files or otherwise protecting your computer's data.