GANDCRAB 5.0.4 STEALS IMPORTANT FILES BEFORE ENCRYPTION

The latest version of the GandCrab ransomware uses the Vidar information stealer to harvest credentials from the victim's computer prior to encryption. Vidar is a new payload bundled with GandCrab that lets the authors steal passwords and saved form data from web browsers. Additionally, it can be configured to search for particular strings such as payment card numbers and other credentials. The stolen data is compiled into a ZIP archive and sent to the attackers' C&C server. Furthermore, Vidar comes with a GUI for easy monitoring of victims and stolen data.

After the credentials have been stolen, GandCrab proceeds with the following process:

It should be noted that files encrypted by GandCrab 5.0.4 are appended with a randomly generated extension. By using Vidar, the GandCrab authors can profit from selling the stolen credentials on dark web forums even if a victim refuses to pay the demanded ransom.

As of now, there is no third-party decryption tool for victims of GandCrab 5.0.4 and 5.0.3. However, all earlier versions can be decrypted with the tool developed by the Romanian antivirus vendor Bitdefender. The decryption tool can be downloaded for free from the following link: http://download.bitdefender.com/am/malware_removal/BDGandCrabDecryptTool.exe


BAD RABBIT RANSOMWARE – A NEW RANSOMWARE ATTACK

A new globally threatening ransomware emerged this year. Dubbed Bad Rabbit, the ransomware is now rapidly spreading across Europe. It has infected almost 200 major organizations in Russia, Ukraine, Turkey and Germany. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or Read more…


A NOT-SO-ROYAL RANSOMWARE, “PRINCESS” RANSOMWARE EMERGED WITH A NEWER VERSION

Researchers have discovered that a ransomware family from last year (2016), PrincessLocker, has crawled its way back into the cyber-world. The PrincessLocker ransomware was first discovered in September 2016 as a low-threat ransomware, initially spotted on darkweb forums. Princess Locker encrypts a victim's data and then demands a large ransom of 3 bitcoins, Read more…