BtCIRT has recently received reports of a few instances of system files being encrypted by a ransomware family called GandCrab. We therefore urge all users to be alert and take precautions.
1. Description:
GandCrab is ransomware that encrypts almost all file types on an affected system and displays a ransom message demanding payment in cryptocurrency to decrypt the data.
2. Distribution mechanism:
Email attachments, cracked software, websites, fake software updaters, trojans, exploit kits and untrustworthy software download sites are some of the means used to infect the target machine and then exploit vulnerabilities in its installed, outdated software.
3. Systems Affected: Windows XP, 7, 8, 10
4. Protection:
- Always back up data you cannot afford to lose.
- Keep all your software updated.
- Do not open links and attachments in email unless you are expecting them, even when they appear to be from someone you know.
- Download software only from trustworthy, legitimate sources, and never use cracked software.
- Update software using the tools provided by the developer and not by any other means.
- Have an antivirus installed, enabled and updated.
- Ensure that programs and users of the computer are given the lowest level of privileges necessary for operation.
- Immediately disconnect a compromised system from the network to prevent the threat from spreading further.
- Disable Microsoft Office macros unless they are required.
5. Decryption:
Luckily, a decryption tool is available for GandCrab (versions V1, V4 and V5 up to V5.1), and a how-to guide is also provided by the No More Ransom project.
For most recent ransomware, decryption is impossible without the involvement of the criminals, but paying a ransom is not at all recommended: by doing so you are trusting the criminals and empowering them to commit more crime.
Your first step should be to obtain a full copy of the data on the encrypted system, since security researchers are working every day to develop decryption tools.
Reference:
- https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/
- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/gandcrab-ransomware-puts-the-pinch-on-victims/
- https://www.symantec.com/security-center/writeup/2018-013106-5656-99
- https://blog.malwarebytes.com/detections/ransom-gandcrab/