A new and unusual family of ransomware has met its match after a decryption tool backed by Europol was released as freeware.
GandCrab, a ransomware that first appeared in January and quickly claimed over 53,000 victims around the world, was labeled by Europol as “one of the most aggressive forms of ransomware this year.” Victims suffered losses from a few hundred dollars up to thousands. The ransomware is unusual in the way it spreads using exploit kits, a method of dispersal usually seen among trojans, and in demanding payments in Dash, a lesser-known cryptocurrency, unlike the usual go-tos of bitcoin or monero.
“GandCrab spreads through malicious advertisements published on compromised websites or through fictitious invoices sent as attachments in email,” Europol explained. “Once installed upon a victim’s computer, the ransomware encrypts the files on the infected system, offering a decryption key in return for a ransom payment of USD 300 – 500 in the DASH virtual currency.”
The operators of GandCrab remain unknown. However, the ransomware has been peddled on Russian underground hacker forums, with those launching it instructed not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics.
The spread of the ransomware has also been spurred on by a cybercrime-as-a-service scheme that offers a toolkit for deploying the strain in return for cybercriminals giving the authors a cut of the profits gained.
The decryption tool, meanwhile, has been released by the No More Ransom Initiative after an operation by the Romanian Police, Europol, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Bitdefender.
Bitdefender’s senior director of the investigations and forensic unit Catalin Cosoi added:
“Ransomware has become a billion-dollar cash cow for malware authors, and GandCrab is one of the highest bidders.”
Image credit: Pixabay.