{"id":10674,"date":"2018-04-30T10:17:34","date_gmt":"2018-04-30T00:17:34","guid":{"rendered":"https:\/\/www.backupassist.com\/blog\/?p=10674"},"modified":"2018-04-30T10:17:34","modified_gmt":"2018-04-30T00:17:34","slug":"beware-the-gandcrab-new-ransomware-threat","status":"publish","type":"post","link":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat","title":{"rendered":"Beware the GandCrab: New Ransomware Threat"},"content":{"rendered":"<p>A strange new ransomware strain, GandCrab, is making the rounds &#8211; and it&#8217;s using social engineering to trick users into downloading it.<\/p>\n<p>GandCrab is being sent out as part of a mass spam campaign to tens of thousands of users per day. Servers hosted in the US are by far the most common target.<\/p>\n<p>Users with machines infected with GandCrab are being directed to a site accessible only via Tor where they can purchase a decryption key. The ransom is doubled if the payment is not made within a set period of time.<\/p>\n<p>Unusually, the ransom must be paid in the Dash cryptocurrency instead of Bitcoin. This is likely because Dash is faster to process and harder to track.<\/p>\n<p>The phishing emails use fairly common social engineering techniques: mentioning payments, tickets, invoices, and orders. 
They contain a JavaScript attachment that, when executed, downloads the GandCrab ransomware from a malicious URL.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10679\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-phishing-email.png\" alt=\"\" width=\"770\" height=\"374\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-phishing-email.png 770w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-phishing-email-300x146.png 300w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-phishing-email-768x373.png 768w\" sizes=\"auto, (max-width: 770px) 100vw, 770px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-10682\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/image.img_.png\" alt=\"\" width=\"770\" height=\"516\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/image.img_.png 830w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/image.img_-300x201.png 300w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/image.img_-768x514.png 768w\" sizes=\"auto, (max-width: 770px) 100vw, 770px\" \/><\/p>\n<p>When the ransomware activates, it uses an RSA algorithm to encrypt the victim&#8217;s files, then adds &#8220;.GDCB&#8221; and &#8220;.CRAB&#8221; to their extensions.<\/p>\n<p>The makers of GandCrab are selling their ransomware on a top-tier Russian hacking forum as Ransomware-as-a-Service, with the creators taking up to 60 per cent of ransom fees paid to their clients. And in exchange, the creators perversely offer step-by-step instructions through a ticketing system.<\/p>\n<p>Even more strangely, the ransomware has terms and conditions. 
The authors explicitly instruct users not to target Russia, or any other country in the Commonwealth of Independent States of former Soviet republics.<\/p>\n<h4>How to Stop GandCrab<\/h4>\n<p>Researchers at security company <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/gandcrab-2-1-ransomware-on-the-rise-with-new-spam-campaign.html\">Fortinet<\/a> have warned those infected with GandCrab not to pay the ransom, because &#8220;this does not guarantee any actions from the threat actors.&#8221;<\/p>\n<p>This falls in line with <a href=\"https:\/\/www.techrepublic.com\/article\/only-26-of-us-companies-that-paid-ransomware-attackers-had-files-unlocked\/\">recent figures<\/a> that show only a quarter of those who pay a ransom actually get their files decrypted. The experts advised that the best response is to &#8220;always have a backup stored in an isolated network environment in order to successfully recover a compromised system,&#8221; as well as exercising &#8220;good cyber hygiene and safe practices.&#8221;<\/p>\n<p>If you&#8217;re running a Windows-based server, <a href=\"https:\/\/www.backupassist.com\/backupassist.html\">BackupAssist<\/a> is a backup and disaster recovery solution that comes with a cutting-edge ransomware defense tool (<a href=\"https:\/\/www.backupassist.com\/backupassist\/features\/cryptosafeguard.php\">CryptoSafeGuard<\/a>). Not only does this combine the best aspects of ransomware defense, it also complements other solutions such as anti-malware software and firewalls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new strain of ransomware, GandCrab, is on the loose. 
Here&#8217;s the signs you should look for, and how to protect your users and machines.<\/p>\n","protected":false},"author":3,"featured_media":10675,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[623,634,689,690,469,311],"class_list":["post-10674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cryptosafeguard","tag-featured","tag-fortinet","tag-gandcrab","tag-raas","tag-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Beware the GandCrab: A New Ransomware Threat<\/title>\n<meta name=\"description\" content=\"A new strain of ransomware, GandCrab, is on the loose. Here&#039;s the signs you should look for, and how to protect your users and machines.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Beware the GandCrab: A New Ransomware Threat\" \/>\n<meta property=\"og:description\" content=\"A new strain of ransomware, GandCrab, is on the loose. 
Here&#039;s the signs you should look for, and how to protect your users and machines.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Resilience Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-30T00:17:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1348\" \/>\n\t<meta property=\"og:image:height\" content=\"744\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Adam Ipsen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adam Ipsen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\"},\"author\":{\"name\":\"Adam Ipsen\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\"},\"headline\":\"Beware the GandCrab: New Ransomware 
Threat\",\"datePublished\":\"2018-04-30T00:17:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\"},\"wordCount\":389,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png\",\"keywords\":[\"cryptosafeguard\",\"featured\",\"Fortinet\",\"GandCrab\",\"RaaS\",\"ransomware\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\",\"url\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\",\"name\":\"Beware the GandCrab: A New Ransomware Threat\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png\",\"datePublished\":\"2018-04-30T00:17:34+00:00\",\"description\":\"A new strain of ransomware, GandCrab, is on the loose. 
Here's the signs you should look for, and how to protect your users and machines.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png\",\"width\":1348,\"height\":744},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.backupassist.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Beware the GandCrab: New Ransomware Threat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"name\":\"Cyber Resilience Blog\",\"description\":\"Protect Your Cloud Data with BackupAssist\",\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\",\"name\":\"Cyber Resilience 
Blog\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"caption\":\"Cyber Resilience Blog\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\",\"name\":\"Adam Ipsen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"caption\":\"Adam Ipsen\"},\"url\":\"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Beware the GandCrab: A New Ransomware Threat","description":"A new strain of ransomware, GandCrab, is on the loose. Here's the signs you should look for, and how to protect your users and machines.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat","og_locale":"en_US","og_type":"article","og_title":"Beware the GandCrab: A New Ransomware Threat","og_description":"A new strain of ransomware, GandCrab, is on the loose. 
Here's the signs you should look for, and how to protect your users and machines.","og_url":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat","og_site_name":"Cyber Resilience Blog","article_published_time":"2018-04-30T00:17:34+00:00","og_image":[{"width":1348,"height":744,"url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png","type":"image\/png"}],"author":"Adam Ipsen","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Adam Ipsen","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#article","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat"},"author":{"name":"Adam Ipsen","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d"},"headline":"Beware the GandCrab: New Ransomware 
Threat","datePublished":"2018-04-30T00:17:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat"},"wordCount":389,"commentCount":0,"publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png","keywords":["cryptosafeguard","featured","Fortinet","GandCrab","RaaS","ransomware"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat","url":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat","name":"Beware the GandCrab: A New Ransomware Threat","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png","datePublished":"2018-04-30T00:17:34+00:00","description":"A new strain of ransomware, GandCrab, is on the loose. 
Here's the signs you should look for, and how to protect your users and machines.","breadcrumb":{"@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#primaryimage","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/04\/gandcrab-honor-among-thieves-thumb.png","width":1348,"height":744},{"@type":"BreadcrumbList","@id":"https:\/\/www.backupassist.com\/blog\/beware-the-gandcrab-new-ransomware-threat#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.backupassist.com\/blog"},{"@type":"ListItem","position":2,"name":"Beware the GandCrab: New Ransomware Threat"}]},{"@type":"WebSite","@id":"https:\/\/www.backupassist.com\/blog\/#website","url":"https:\/\/www.backupassist.com\/blog\/","name":"Cyber Resilience Blog","description":"Protect Your Cloud Data with BackupAssist","publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.backupassist.com\/blog\/#organization","name":"Cyber Resilience 
Blog","url":"https:\/\/www.backupassist.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","caption":"Cyber Resilience Blog"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d","name":"Adam Ipsen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","caption":"Adam 
Ipsen"},"url":"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen"}]}},"_links":{"self":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/10674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/comments?post=10674"}],"version-history":[{"count":0,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/10674\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media\/10675"}],"wp:attachment":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media?parent=10674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/categories?post=10674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/tags?post=10674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}