GandCrab is a Newly-found Ransomware Spread via Exploit Kits



A new form of ransomware called GandCrab has been spotted, and it is currently being distributed through exploit kits, which are designed to find vulnerabilities in software installed on devices and systems.

Researchers at cybersecurity firm Malwarebytes claim that GandCrab was distributed via the RIG and GrandSoft exploit kits. With the RIG exploit kit, vulnerabilities in Flash Player and Internet Explorer are used to launch the VBScript-, JavaScript-, and Flash-based attacks that eventually deliver the malware to users' devices.

The ransomware distributed via GrandSoft, on the other hand, uses a vulnerability in the Java Runtime Environment. The JRE is a group of software tools used for Java application development. The researchers claim that with GandCrab in the system, attackers may remotely execute code to spread the malware.

The Malwarebytes team highlights that GandCrab is unlike other ransomware, which demands payment in the well-known Bitcoin currency. Instead, it demands a less popular cryptocurrency called Dash. The researchers view this move as the attackers targeting a currency with lower transaction fees than BTC.

The researchers add that there is currently no method to decrypt files encrypted by the newly found ransomware for free. They encourage users to keep their patches and software updates current so that exploit kits cannot distribute the ransomware.