GandCrab ransomware distributed by RIG and GrandSoft exploit kits

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

GandCrab ransomware distributed by RIG and GrandSoft exploit kits
Botnet GandCrab
Malware
Botnet/malware group Ransomware
Exploit kits RIG, GrandSoft
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2018 / 2018-01-30
Editor/Conference Malwarebytes
Link https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/ (Archive copy)
Author Vasilios Hioueras, Jérôme Segura
Type Blogpost

Abstract

Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK.

Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners.

Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2018BFR5354,
   editor = {Malwarebytes},
   author = {Vasilios Hioueras, Jérôme Segura},
   title = {GandCrab ransomware distributed by RIG and GrandSoft exploit kits},
   date = {30},
   month = Jan,
   year = {2018},
   howpublished = {\url{https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/}},
 }