See More

GandCrab Ransomware Spreads Through Valentine’s Day Emails; Attackers Demand Cryptocurrency

2 mins
Updated by Dani Polo
Join our Trading Community on Telegram
Security researchers at the Mimecast email services discovered a new crypto-based ransomware attack which spread over Valentine’s Day.
The malicious program, dubbed GandCrab, was found attached to several emails posing as romantic letters. Victims that downloaded and opened the attachment had their personal data encrypted and held ransom. Notably, researchers found that users with Russian keyboard layouts were intentionally excluded from the attack.

Exploiting Valentine’s Day

According to the researchers’ report, the attackers generally included a profession of love in the email’s subject line, enticing the user to click through the message. The body of the email, on the other hand, contained only an asterisk and an attachment disguised to appear as a text file. Once the file was opened, however, users were greeted with a language select screen, allowing them to view the message in either English, Chinese or Korean. Simultaneously, in the background, the ransomware program not only encrypted user data but also changed file extensions to strings of randomly generated characters. A text file was then placed on the desktop to let the user know that their computer had been compromised. It also provided a unique link where users were asked to pay the ransom amount and obtain a key for decryption. The Mimecast Threat Labs team found that the amount of money demanded varied between victims. They believe that the exact amount is decided after the value of the data taken ransom has been ascertained. Notably, the attackers demand that the ransom amount is paid in one of two cryptocurrencies, Bitcoin or Dash. The linked website even includes instructions to walk through the process of buying cryptocurrency and a live chat option for additional assistance. Heart

No End in Sight

Researchers discovered that the GandCrab attackers employed a host of additional target vectors, including but not limited to fake e-greetings, fraudulent emails claiming to contain gifts and other complimentary services, malicious dating apps, and fake customer surveys. The team estimates that the attack could continue to wreak havoc over the next year, specifically during festive seasons when people expect to receive such emails. The GandCrab outbreak comes roughly two years after crypto-based ransomware attack WannaCry affected 200,000 victims. Even though the initial attack was thwarted within four days after a researcher found a built-in kill switch, the program managed to spread to over 150 countries, causing billions of dollars worth of destruction. Similar to GandCrab, WannaCry demanded that affected users pay anywhere between $300 and $600 via Bitcoin to obtain a decryptor. Do you know anyone affected by a ransomware attack? Let us hear your stories in the comments below!
Top crypto platforms in the US | March 2024

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Rahul-Nambiampurath.jpg
Rahul Nambiampurath
Rahul Nambiampurath's cryptocurrency journey first began in 2014 when he stumbled upon Satoshi's Bitcoin whitepaper. With a bachelor's degree in Commerce and an MBA in Finance from Sikkim Manipal University, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has helped DeFi platforms like Balancer and Sidus Heroes — a web3 metaverse — as well as CEXs like Bitso (Mexico's biggest) and Overbit to reach new heights with his...
READ FULL BIO
Sponsored
Sponsored