Gandcrab Ransomware
It is one of the most famous computer viruses. Gandcrab is ransomware spread through malvertisements, explicit websites, or spam emails, which lead the user to a Rig Exploit Kit page or a GrandSoft EK page. Through these pages, Gandcrab gains entry to users’ systems and devices.
Once the ransomware is active on the system, it starts gathering the user’s personal information, such as username, keyboard type, presence of antivirus, IP, OS version, current Windows version, etc. This dangerous computer virus makes its next move on the basis of the information collected. It then kills all tasks and processes running on the system so that it can start encrypting the data and files present on the system.
It then generates public and private keys on the user’s system, which are then forwarded to a C2 server hosted on a .bit domain.
As soon as the key is delivered, it starts encrypting with the generated public key and adds the ‘.GDCB’ extension to all encrypted files. After this, it places a file on the user’s system containing a message that demands a ransom in return for decryption of their data. The name of the file with the ransom message is ‘GDCB-DECRYPT.txt’.
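The indicators described above (the ‘.GDCB’ extension, the ‘GDCB-DECRYPT.txt’ note, and lookups for .bit domains) can be checked during triage. The following is an added example, not code from the original post; the DNS log layout, the sample file tree, and the host name `placeholder-c2.bit` are constructed assumptions.

```python
import os
import tempfile

ENCRYPTED_EXT = ".gdcb"           # extension named on this page (matched case-insensitively)
RANSOM_NOTE = "gdcb-decrypt.txt"  # ransom note name from this page

def scan_tree(root):
    """Map each affected directory to its encrypted files and ransom-note presence."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        has_note = any(f.lower() == RANSOM_NOTE for f in files)
        if encrypted or has_note:
            hits[os.path.relpath(dirpath, root)] = {"encrypted": encrypted, "note": has_note}
    return hits

def bit_lookups(dns_lines):
    """Return (client, name) per .bit query; assumes 'time client qtype qname' lines."""
    found = []
    for line in dns_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        name = parts[3].rstrip(".").lower()
        if name.endswith(".bit"):
            found.append((parts[1], name))
    return found

def build_sample_tree(root):
    """Create a constructed tree: one affected directory, one clean one."""
    for rel in ("docs/report.docx.GDCB", "docs/GDCB-DECRYPT.txt", "clean/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

SAMPLE_DNS = [  # constructed log lines, not captured traffic
    "2018-02-01T10:00:01 10.0.0.5 A example.com.",
    "2018-02-01T10:00:02 10.0.0.5 A placeholder-c2.bit.",
    "truncated line",
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in scan_tree(tmp).items():
            print(directory, info)
    print(bit_lookups(SAMPLE_DNS))
```

A directory that holds the note but no ‘.GDCB’ files is still reported, so a partially processed folder is not missed.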
– Back up important data and files regularly.
– Keep the operating system and applications updated.
– In case of an attack, try using ransomware decryption tools.