Recent Articles
Quickest Mobile Data Recovery Case: 100% of Data Recovered in One Hour
How to fix a corrupted database on PS4
How to Troubleshoot Black or Blank Screens in Windows
LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat
How To Use iPad Recovery Mode
How to Prevent Overwriting Files: Best Practices
External Hard Drive Not Showing Up On Windows – Solved
How to Fix a Corrupted iPhone Backup
Backup and Remote Wiping Procedures
Common VMware Issues and Troubleshooting Solutions
I think there's an issue with my storage device, but I'm not sure Start a free evaluation →
I need help getting my data back right now Call now (800) 972-3282
GandCrab emerged onto the scene back in January. And similar to many ransomware programs, it underwent some changes. Now, there are new wrinkles that promise to challenge even the most vigilant observers.
How Does GandCrab Ransomware Work?
GandCrab is a different cat altogether. Normally, ransomware infects devices via spam email. This is where you’ll receive a message enticing you to click on a link to access “important messages” from your bank, aunt or post office. Once that loads, the malware goes to town, feasting on your files.
This isn’t the case with GandCrab. This ransomware uses two different exploit kits. Similar to its name, the ransomware targets vulnerabilities in a system such as Internet Explorer or Flash then uses these weaknesses as distribution points for its malware. This is the RIG exploit kit method.
Another method concerns the GrandSoft exploit kit, which works by discovering vulnerabilities in the Java Runtime Environment. From there, the hackers can issue remote attacks with execution codes that encrypt files and demand payment before releasing them back to the user.
GandCrab’s New Variants
One of the ways hackers continue to perfect their craft is through regular updates of their malware programs and GandCrab is no different in this regard. Fortinet researchers uncovered a change in the ransomware’s code structure.
What does this mean? ZDNet reports the ransomware now runs on a Salsa20 steam cipher, meaning it can encrypt data much quicker than previous versions.
Another new wrinkle is the method of attack. Now, hackers are targeting WordPress websites. When visiting WordPress, a user might receive a request to download system tools via links, according to a ZDNet report. If the user clicks on the links, it downloads the malware onto their device, rendering their files inaccessible. You’ll know if you’re infected because the ransomware encrypts the files and codes them with the KRAB extension.
To prevent this code from holding your files hostage, it’s important to think before acting. Normal WordPress websites won’t ask you to download system tools or anything related to it. It’s similar to visiting ESPN or HGTV’s websites, where you might encounter ads but that should be all.
Moreover, it’s an important rule of thumb to avoid clicking on hyperlinks which originate from an unknown source. Similar to refraining from clicking on email attachments from unknown senders, exercise caution when receiving requests to download files via hyperlinks. If you didn’t initiate it (software updates) then it’s best to ignore it.
What Happens if My Files Are Locked?
Losing access to files due to ransomware can be frustrating. However, know there are solutions available. Instead of paying hackers who might or might not return data access, entrust the team at Salvage Data. Our technicians can recover your files from corrupted devices with expedient service that’s affordable and informative.
We are proud to offer a free, no-obligation quote from which you’ll receive all the solutions available to you. It’s a risk-free way of discovering how we can help you regain access to your files. Contact us today to take the first step towards recovering your data!