Source: IBM Security – August 16, 2018
Security researchers reverse engineered an updated version of the GandCrab ransomware and discovered new features that improve its ability to avoid detection and prevent defense teams from analyzing it.
First discovered in January, GandCrab is now the most powerful threat of its kind, whether targeted at a single person or an entire company, according to a July 31 McAfee threat report.
GandCrab is similar to its peers in that it tricks users into installing it, locks them out of their devices, and demands payment in cryptocurrency before restoring access. These new ransomware attacks can be introduced through various attack vectors, from traditional phishing emails to Trojan horses, fake programs, and exploit kits.
New ransomware attacks hidden in encryption layers
While a number of bugs in GandCrab's code suggest that the ransomware is not the work of professionals, according to the researchers, it has unique features that should put security teams on high alert. Newer versions, for example, use an algorithm called Salsa20 to encrypt files instead of slower and less efficient alternatives such as Advanced Encryption Standard (AES) and RSA.
By generating random Salsa20 keys and initialization vectors for each file, GandCrab essentially protects itself with a series of encryption layers that prevent victims from opening their files again. Security teams would need a private key to access the embedded public key. Also, because GandCrab deletes itself and all shadow volumes that could remain on an infected device, it is difficult for researchers to learn about new ransomware after the fact.
Defend your data with last-resort containment
Given how quickly this ransomware has become valuable to cybercriminals and the promotion it may be getting in underground forums, it is not always possible to keep GandCrab off corporate networks. In its "Ransomware Response Guide", IBM X-Force recommends a method called last-resort containment to help organizations respond when they cannot quickly or easily find out where new ransomware attacks are coming from.