Data Recovery Blog

It may have already been the reason that thousands upon thousands of people around the globe have lost access to their data, but ransomware shows no signs of abating. In fact, it’s becoming more effective.

Having begun to infect the storage media of unsuspecting users in January of this year, GandCrab ransomware quickly gained notoriety following it becoming ne’er-do-well’s virus of choice. Those who were inclined to do so could simply purchase the malware via the dark web and then proceed to infect unsuspecting targets with just a few clicks. This, of course, effectively opened up cybercrime to nefarious individuals who otherwise lacked the technical knowledge required to hold others’ data to ransom. As if this wasn’t bad enough, this version improves upon its predecessors in a number of other ways – each designed to make it a more effective means of blackmailing those unfortunate enough to download it to their device.

By switching the encryption mechanism, this latest version of the virus encrypts data more rapidly than previous versions. If that wasn’t enough, whilst previous versions needed the infected device to be connected to the internet to compete the encryption process, this one does not. In other words, it's going to make your data unreadable whether or not your device remains networked and it’s going to do it very, very quickly.

Legacy systems like Windows XP and 2003 were previously ‘immune’ to this particular virus but not anymore: the latest version of GandCrab utilises an SMB exploit spreader in order to infect devices running these operating systems and security experts feel this exploit could mean that further legacy systems are at risk too.

One thing remains, though: victims are asked to pay a $500 cryptocurrency ransom in exchange for their data with this demand doubling to $1,000 if the ransom’s not been paid within three days.

Security experts are still advising anyone unfortunate enough to find their data encrypted not to give in to the blackmailers demands as this will merely encourage them. Instead, they advise internet users to be vigilant and to avoid downloading anything that appears suspicious.

This latest version of GandCrab appears to target users of Wordpress sites so it’s logical to conclude that those who frequent sites that utilise this platform remain mindful of the fact that they’re placing themselves in a potentially vulnerable position.

If you’ve been the victim of a ransomware attack, Fields Data Recovery can help. You can book a free data recovery diagnostic here.