GandCrab ransomware distributed by RIG and GrandSoft exploit kits
GandCrab ransomware distributed by RIG and GrandSoft exploit kits | |
---|---|
Botnet | GandCrab |
Malware | |
Botnet/malware group | Ransomware |
Exploit kits | RIG, GrandSoft |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2018 / 2018-01-30 |
Editor/Conference | Malwarebytes |
Link | https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/ (Archive copy) |
Author | Vasilios Hioueras, Jérôme Segura |
Type | Blogpost |
Abstract
“Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK.
Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware, other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners.
Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue.”
Bibtex
@misc{2018BFR5354,
  editor = {Malwarebytes},
  author = {Vasilios Hioueras, Jérôme Segura},
  title = {GandCrab ransomware distributed by RIG and GrandSoft exploit kits},
  date = {30},
  month = Jan,
  year = {2018},
  howpublished = {\url{https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/}},
}