A new ransomware attack called Gandcrab is now around and is spreading via email, taking advantage of the past Valentine’s Day festivities.
In fact, in the subject of Gandcrab, we find phrases like “Wrote my thoughts down about you” or “Felt in love with you” and an attached file with the words “Love_You_2018”.
The ransomware attacks computers, encrypting all the files. To unlock them, the user will have to make a payment in crypto.
The analysis of the attack was made by the team of Mimecast who found that criminals have used services that provide ransomware like Ransomware-as-a-Service(RaaS).
This service allows you to exclude all PCs that use a Russian configuration of the keyboard, a clear signal that the attackers wanted to exclude Russian citizens, perhaps because the criminals are just inhabitants of the country.
The ransomware allows identifying the victim since each encrypted file is assigned a URL and a specific token to better identify the user affected.
The virus then redirects to a tool to decrypt the computer that can be paid either in Dash or in bitcoin. It is not recommended to make the payment as you are not sure that the files are actually recovered.
The positive thing, however, is that this type of ransomware has been operating for a long time and software for data recovery have been developed for previous versions of the virus, so most likely soon a new data recovery software will be prepared for this version 5.0.4 too.