GANDCRAB RANSOMWARE V2 IS HARDER TO TAKE DOWN THAN ITS FIRST VERSION

After its first version was cracked by security researchers, the GandCrab ransomware has returned as version 2, with command-and-control (C&C) servers that have not yet been compromised and with improved ransomware capabilities. GandCrab is a ransomware-as-a-service offering that emerged on the dark web in early 2018 and was advertised in the Russian-speaking hacking community. Security researchers observed the operators distributing it through the RIG and GrandSoft exploit kits. The selling points of the service include a high share of the proceeds for affiliates, technical support, regular updates, and a prohibition on using it against countries of the Commonwealth of Independent States.

In February 2018, the security firm Bitdefender, the Romanian Police and Europol reportedly gained access to GandCrab's C&C servers, which allowed them to recover the decryption keys of some victims.

In GandCrab v2 the C&C hostnames have been changed to politiaromana.bit, malwarehunterteam.bit and gdcb.bit, in mockery of the team behind the breach of the original servers. The .bit top-level domain is resolved through the Namecoin blockchain rather than the regular DNS, so these names cannot be seized at a registrar the way conventional domains can, which is the main reason the new infrastructure is harder to take down. Apart from the new hostnames, v2 appends a .CRAB extension to the names of encrypted files (v1 used .GDCB). A ransom note with payment instructions is dropped as a text file named CRAB-Decrypt.txt; a screenshot of the note accompanied the original article. The Tor payment site for v2 has also been redesigned, with a different layout and payment procedure.

The researchers who took down the first version of GandCrab should not stop at their initial success. Letting the GandCrab v2 team succeed with the redesign would damage their standing in global cyber security. They should take down v2 as well, to show that malicious attackers cannot prosper against a team of white-hat hackers.

 

CRYPTO-MINERS ARE NOW EQUIPPED WITH PROCESS KILLER

Cryptocurrency miners now carry a process-killing function that terminates other processes competing for CPU time. With the majority of attackers focused on cryptocurrency, every device with computing power is now a target for mining malware. Many variants and delivery methods have appeared, including smartphone miners, miners spread with leaked NSA exploits, and even miners found on a nuclear facility's network. Each scheme is effective in its own way, and they keep evolving.

Recently, newly engineered crypto-mining malware was found to kill processes that consume the computing power of the infected system. Embedded in the malware's code is a kill list of processes that might compete with the miner for CPU. Most entries are the names of rival miners and the look-alike names other malware uses to pass as Windows system processes (svchosts3, winlogan, win1nit, taskngr and so on); a few, such as taskhost, are genuine Windows process names. Some of the processes on the kill list:

Silence, Carbon, xmrig32, nscpucnminer64, mrservicehost, servisce, svchosts3, svhosts, system64, systemiissec, taskhost, vrmserver, vshell, winlogan, winlogo, logon, win1nit, wininits, winlnlts, taskngr, tasksvr, mscl, cpuminer, sql31, taskhots, svchostx, xmr86, xmrig, xmr, win1ogin, win1ogins, ccsvchst, update_windows

Although the kill function makes the miner more effective, it also works in the defender's favour. First, the malware is easier to spot, because processes disappear without any user interaction; on Windows, each termination is recorded as Security event 4689 (or Sysmon event 5), so a burst of such events with no interactive session is a useful signal. Second, defenders can reuse the same list: a process running under one of these names, or under a near-miss spelling of a Windows system process, is almost certainly a miner, and a defensive tool can flag or kill it.
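As an added example (not code from the article, and not the malware's own code), the following Python turns the kill list above into a detection rule over a process snapshot. It flags any process whose name is on the list and, going slightly beyond the article, any name within two edits of a genuine Windows process name, which catches masquerades such as svch0st that are not on the list. The set of legitimate Windows names, the minimum-length threshold and the process snapshot are constructed assumptions for the example; a real deployment would feed it tasklist or EDR inventory output.

```python
"""Turn a crypto-miner's process kill list into a detection rule.

Added example, not code from the article or from the malware.  The
process snapshot below is constructed; in practice it would come from
tasklist / Get-Process output or an EDR inventory.
"""

# Process names from the miner kill list quoted in the article (lower-cased,
# without .exe).
MINER_KILL_LIST = {
    "silence", "carbon", "xmrig32", "nscpucnminer64", "mrservicehost",
    "servisce", "svchosts3", "svhosts", "system64", "systemiissec",
    "taskhost", "vrmserver", "vshell", "winlogan", "winlogo", "logon",
    "win1nit", "wininits", "winlnlts", "taskngr", "tasksvr", "mscl",
    "cpuminer", "sql31", "taskhots", "svchostx", "xmr86", "xmrig", "xmr",
    "win1ogin", "win1ogins", "ccsvchst", "update_windows",
}

# Genuine Windows process names (assumption for this example).  A name that
# matches one of these exactly is treated as legitimate, even if, like
# taskhost, it also appears on the miner's kill list.
WINDOWS_PROCESSES = {
    "system", "smss", "csrss", "wininit", "winlogon", "services", "lsass",
    "svchost", "taskhost", "taskhostw", "taskmgr", "explorer",
}

# Minimum name length for the look-alike test (assumption): shorter names
# give too many accidental near-matches, e.g. "ssh" is within two edits
# of "smss".
MIN_LOOKALIKE_LEN = 6


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def normalize(image_name: str) -> str:
    """Lower-case and strip a trailing .exe so names compare uniformly."""
    name = image_name.lower()
    return name[:-4] if name.endswith(".exe") else name


def classify(image_name: str):
    """Return (verdict, reason) for one process image name."""
    name = normalize(image_name)
    if name in WINDOWS_PROCESSES:
        return ("ok", "genuine Windows process name")
    if name in MINER_KILL_LIST:
        return ("suspicious", "name on the miner kill list")
    if len(name) >= MIN_LOOKALIKE_LEN:
        # Sorted so that ties resolve deterministically.
        candidates = sorted(p for p in WINDOWS_PROCESSES
                            if len(p) >= MIN_LOOKALIKE_LEN)
        closest = min(candidates, key=lambda p: levenshtein(name, p))
        if levenshtein(name, closest) <= 2:
            return ("suspicious", f"look-alike of {closest}")
    return ("ok", "")


def find_suspicious(processes):
    """processes: iterable of (pid, image_name). Returns [(pid, name, reason)]."""
    hits = []
    for pid, image_name in processes:
        verdict, reason = classify(image_name)
        if verdict == "suspicious":
            hits.append((pid, image_name, reason))
    return hits


# Constructed process snapshot (not real data): genuine system processes,
# kill-list names, and one masquerade that is not on the list.
SAMPLE_PROCESSES = [
    (4, "System"),
    (512, "svchost.exe"),
    (640, "winlogon.exe"),
    (2080, "explorer.exe"),
    (3104, "svchosts3.exe"),   # rival miner posing as svchost, on the kill list
    (3312, "winlogan.exe"),    # on the kill list
    (3590, "xmrig.exe"),       # XMRig miner, on the kill list
    (4022, "win1nit.exe"),     # digit 1 for letter l, on the kill list
    (4300, "svch0st.exe"),     # zero for o; not on the list, caught as look-alike
    (4410, "chrome.exe"),
    (4711, "taskhost.exe"),    # genuine name, even though the miner would kill it
]

if __name__ == "__main__":
    for pid, name, reason in find_suspicious(SAMPLE_PROCESSES):
        print(f"{pid:>6}  {name:<18} {reason}")
```

Exact matches against the legitimate set are checked before the kill list, so the genuine taskhost.exe is not flagged merely because the miner would kill it; the look-alike rule is what turns the misspelled names the malware competes with into a detection the defender can run on every host.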

 

$70 MILLION WORTH OF BITCOIN STOLEN IN NICEHASH HACKING INCIDENT

NiceHash, the largest Bitcoin mining marketplace, has been hacked, losing more than $70 million USD worth of Bitcoin. Most of this year's major cryptocurrency hacks and breaches, including CoinDash, Veritaseum and Etherparty, happened earlier in the year. Given the skyrocketing price of Bitcoin, attackers are now focusing their skills and resources on cryptocurrency. Since Read more…

 

UBER CONCEALED A MAJOR DATA BREACH

In October 2016, Uber Technologies Inc. suffered a major data breach, which it concealed by paying the hackers one hundred thousand US dollars ($100,000). Uber Technologies Inc. is a global transportation technology company headquartered in San Francisco, California, United States, operating in 633 cities worldwide. It develops, markets and operates the Uber ride-hailing and food-delivery mobile apps. Read more…

 

NSA EMPLOYEE PLEADS GUILTY TO ILLEGALLY TAKING CLASSIFIED FILES

Nghia Hoang Pho, an NSA employee from the Tailored Access Operations unit, has pleaded guilty to illegally taking classified information home; the files were allegedly leaked through Kaspersky anti-virus software. In October 2017, Kaspersky was accused by several security companies worldwide, and in particular by US government agencies, of giving Russian intelligence access through its anti-virus software. It was reported Read more…

 

YAHOO 2014 EMAILS HACKER ARRESTED

Karim Baratov, a Canadian citizen charged over the 2014 Yahoo email breach, has been apprehended and has pleaded guilty to taking part directly in the massive attack. In October 2017, Yahoo admitted that all three billion of its user accounts, roughly half the number of people on Earth, were compromised in the 2014 hack. That Read more…