Difference between revisions of "GandCrab ransomware distributed by RIG and GrandSoft exploit kits"

From Botnets.fr
(Created page with "{{Publication| Link=https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/}}")
 
 
Line 1: Line 1:
{{Publication| Link=https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/}}
+
{{Publication
 +
|Botnet=GandCrab,
 +
|ExploitKit=RIG, GrandSoft,
 +
|Group=Ransomware,
 +
|Year=2018
 +
|Date=2018-01-30
 +
|Editor=Malwarebytes
 +
|Link=https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/
 +
|Author=Vasilios Hioueras, Jérôme Segura,
 +
|Type=Blogpost
 +
|Abstract=Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK.
 +
 
 +
Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners.
 +
 
 +
Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue.
 +
}}
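Review bot: the list-valued fields `|Botnet=GandCrab,`, `|ExploitKit=RIG, GrandSoft,`, `|Group=Ransomware,` and `|Author=Vasilios Hioueras, Jérôme Segura,` end in a trailing comma, while `|Year=`, `|Date=`, `|Editor=` and `|Type=` do not. If the Publication template splits these values on commas, the trailing separator can produce an empty final item, so drop it unless the form requires it. `|Year=2018` also duplicates the year already carried by `|Date=2018-01-30`; consider deriving one from the other so the two cannot drift apart.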

Latest revision as of 15:03, 18 July 2018


GandCrab ransomware distributed by RIG and GrandSoft exploit kits
Botnet GandCrab
Botnet/malware group Ransomware
Exploit kits RIG, GrandSoft
Date 2018 / 2018-01-30
Editor/Conference Malwarebytes
Link https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/
Author Vasilios Hioueras, Jérôme Segura
Type Blogpost

Abstract

Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK.

Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners.

Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue.

Bibtex

 @misc{Hioueras2018BFR5354,
   editor = {Malwarebytes},
   author = {Vasilios Hioueras and Jérôme Segura},
   title = {GandCrab ransomware distributed by RIG and GrandSoft exploit kits},
   date = {30},
   month = Jan,
   year = {2018},
   howpublished = {\url{https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/}},
 }