Home Malware Programs Ransomware GandCrab3 Ransomware

GandCrab3 Ransomware

Posted: April 30, 2018

The GandCrab3 Ransomware is an update of the GandCrab Ransomware family and continues the first Trojan's attacks by encrypting and locking your files. New '.CRAB' extensions and Notepad ransoming warnings are some of the other symptoms associated with an infection. Having anti-malware programs that can delete the GandCrab3 Ransomware, and backups for restoring your media, are the traditional recommendations against both it and all members of its family.

Your Files might Feel a Little Crabby Again

Victims are appearing with evidence of a brand-new variant of the GandCrab Ransomware family after having their files locked. The GandCrab3 Ransomware's infection vectors are active as of late April and may be targeting Russia and nearby regions, such as Ukraine, in particular. Unfortunately, malware experts, still, are noting the absence of a viable decryptor for its family that could recover the victims' files freely.

The GandCrab3 Ransomware uses the secure encryption method of AES-256 in CBC mode, along with RSA-2048, for locking the files of the compromised PC. While the GandCrab3 Ransomware doesn't corrupt the Windows OS, it does take documents, images, and other, general-purpose formats of media hostage, while also inserting '.CRAB' extensions in their names. This change in cryptography sets the GandCrab3 Ransomware apart from the first GandCrab Ransomware, which uses XOR-based enciphering.

Most of the symptoms of the GandCrab3 Ransomware infections are similar to those of both GandCrab Ransomware and its second variant, the GandCrab2 Ransomware. These issues include:

  • Any files that the Trojan locks, as noted above, will not open in their associated applications.
  • The GandCrab3 Ransomware generates a Notepad message that delivers its ransoming demands of paying money in return for a possible decryptor. The specification of Jabber-based messaging with the threat actor is unique to this Trojan relatively. Despite the general geo-targeting evidence, all of these instructions are in English.
  • The victim also may see supplementing warnings, including a hijacked desktop background, advanced HTML pop-ups or a redirected browser.

Putting File-Snipping Crabs Back in the Bucket

In the past, the threat actors of the GandCrab Ransomware family have shown minimal discrimination between their targets. Spammed e-mail messages pretending to be invoices or other, non-hostile content, as well as exploit kit-using corrupted advertisements, are two of the strategies seen in use with old versions of this threat. However, the GandCrab3 Ransomware's current infection methodology isn't verifiable by malware experts, and its admins may be using different tactics, for this wave.

Both organizations, such as private business servers or government networks, as well as casual PC owners, can use various methods of defending their files. Scanning your downloads with appropriate security software, updating all vulnerable programs, disabling scripts and macros and limiting RDP settings will eliminate many of the exploits that malware experts associate with file-locker Trojans. Many anti-malware products also can block or uninstall the GandCrab3 Ransomware and the other members of its family without any notable problems.

Old Trojans will not stop becoming new again until the average PC user is no longer susceptible to the same, aged attacks. With threats like the GandCrab3 Ransomware in distribution globally, there's nowhere that's so safe to live that you can forget to back up your work.

Loading...