GandCrab ransomware: How does it differ from previous versions?

A fourth version of the GandCrab ransomware was discovered in July 2018, but researchers are just starting to understand the extent of the changes. How does this version of GandCrab ransomware differ from previous versions and who is at risk?

For many complex reasons, legacy systems may be present in an environment, and the options to secure them can be very limited. This makes them a particularly high-risk vector for attacks and, consequently, incident response costs could be significant. Likewise, there is an emerging trend of ransomware targeting those legacy systems.

An update to the GandCrab ransomware was identified in July 2018. Among the changes was the use of the EternalBlue exploit against vulnerable Windows systems over the Server Message Block (SMB) protocol, which lets the malware spread across the network on its own as a ransomware worm. This update enabled attackers to target Windows XP and Windows Server 2003 systems.

Likewise, the new GandCrab attack includes functionality so that it doesn’t need a command-and-control mechanism to operate, making it easier to attack an air-gapped environment. According to Fortinet, the update also changed the attack’s encryption functionality to potentially make it faster.

With this updated malware, legacy systems are at the highest risk, since many antimalware tools reasonably stopped supporting Windows Server 2003 and Windows XP. These same systems may not have been patched, leaving them vulnerable to the EternalBlue exploit. In addition, such systems may run under an administrative account by default, creating additional risk.

Enterprises with good security hygiene will have the security controls in place to stop the GandCrab ransomware, but they may still have vulnerable legacy systems on their networks. These legacy systems may require network access, and without controls that keep vulnerable systems from being reached over the network, they remain exposed to infection by the GandCrab ransomware.
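The risk factors the answer lists (an unsupported OS, a missing EternalBlue fix, SMBv1 still enabled, reachability over the network, and a default administrative account) can be turned into a simple triage pass over an asset inventory, which is the first thing a defender wants when a wormable update like this appears. The following script is an added example written for this page, not code from the article or from any vendor it cites. The CSV inventory is constructed for illustration, the column names and the yes/no encoding are assumptions about whatever asset tool you export from, and the ranking rule (wormable and reachable first) is this example's own choice. It goes slightly beyond the article by ranking any unpatched SMBv1 host, not only Windows XP and Server 2003, since EternalBlue affected newer releases as well; MS17-010 is Microsoft's bulletin for that fix and TCP/445 is SMB's port.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample inventory for this example (not data from the article).
# One row per host; the yes/no columns are assumed to come from an asset-tool export.
INVENTORY_CSV = """hostname,os,ms17_010_patched,smb1_enabled,reachable_from_user_vlan,default_admin_account
HMI-01,Windows XP,no,yes,yes,yes
FILE-02,Windows Server 2003,no,yes,no,no
APP-03,Windows Server 2016,yes,no,yes,no
LAB-04,Windows 7,no,yes,yes,no
"""

# Releases that no longer receive routine vendor patches or antimalware support.
LEGACY_OS = ("Windows XP", "Windows Server 2003")


@dataclass
class Host:
    hostname: str
    os: str
    patched: bool        # MS17-010 (the EternalBlue fix) applied
    smb1: bool           # SMBv1 still enabled
    reachable: bool      # reachable on TCP/445 from general user networks
    default_admin: bool  # runs under a default administrative account


def _yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "y", "true", "1")


def parse_inventory(text: str) -> list:
    """Parse the CSV export into Host records."""
    hosts = []
    for row in csv.DictReader(io.StringIO(text)):
        hosts.append(Host(
            hostname=row["hostname"].strip(),
            os=row["os"].strip(),
            patched=_yes(row["ms17_010_patched"]),
            smb1=_yes(row["smb1_enabled"]),
            reachable=_yes(row["reachable_from_user_vlan"]),
            default_admin=_yes(row["default_admin_account"]),
        ))
    return hosts


def risk_factors(host: Host) -> list:
    """Return the article's risk factors that apply to this host."""
    factors = []
    if host.os in LEGACY_OS:
        factors.append("legacy_os")
    if not host.patched:
        factors.append("unpatched_ms17_010")
    if host.smb1:
        factors.append("smb1_enabled")
    if host.default_admin:
        factors.append("default_admin")
    return factors


def is_wormable(host: Host) -> bool:
    """EternalBlue needs an unpatched host with SMBv1 enabled."""
    return (not host.patched) and host.smb1


def priority(host: Host) -> str:
    """Rank wormable, reachable hosts first: the worm reaches them without any C2."""
    factors = risk_factors(host)
    if is_wormable(host) and host.reachable:
        return "critical"
    if is_wormable(host) or ("legacy_os" in factors and host.reachable):
        return "high"
    if factors:
        return "medium"
    return "low"


def mitigations(host: Host) -> list:
    """Controls to apply for this host, most effective first."""
    steps = []
    if host.reachable and (is_wormable(host) or host.os in LEGACY_OS):
        steps.append("block TCP/445 inbound from user networks at the segment boundary")
    if host.smb1:
        steps.append("disable SMBv1 if the host's services do not need it")
    if not host.patched:
        steps.append("apply MS17-010 (or the vendor's out-of-band fix for legacy releases)")
    if host.os in LEGACY_OS:
        steps.append("isolate in a dedicated segment with only the flows it needs; plan migration")
    if host.default_admin:
        steps.append("replace the default administrative account with a least-privilege account")
    return steps


def triage(text: str) -> dict:
    """Group hostnames by priority to build the remediation queue."""
    queue = {"critical": [], "high": [], "medium": [], "low": []}
    for host in parse_inventory(text):
        queue[priority(host)].append(host.hostname)
    return queue


if __name__ == "__main__":
    for host in parse_inventory(INVENTORY_CSV):
        print(f"{host.hostname:8} {priority(host):8} {', '.join(risk_factors(host)) or '-'}")
        for step in mitigations(host):
            print(f"           -> {step}")
```

Segmentation comes first in the mitigation list on purpose: for a Windows XP or Server 2003 host that cannot be patched or protected by current antimalware, blocking SMB from general user networks is the one control that removes the worm's path, whereas patching and SMBv1 removal may not be available on those releases at all.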
