Ransomware has become one of the most serious cyberthreats facing organisations today. Regardless of how large or small your business is, hackers are targeting the data living on your computer systems. If you are not properly protected, then your reputation and profitability are at risk.
In a typical ransomware attack, the cybercriminal infects an operating system with a piece of malware that encrypts the data stored on it. This essentially locks you out of the computer; the screen usually displays a message indicating that you are the victim of an attack.
No honour among thieves
When files are locked as the result of a ransomware attack, the hacker may offer to decode all data in exchange for a payment through a credit card or cryptocurrency account. However, submitting a ransom payment does not guarantee that your computer will be cleansed of the malware. In fact, most experts suggest you not make a payment because more times than not they bad guy doesn’t bother to provide a functional decryptor afterwards.
GandCrab is one form of ransomware that has spread rapidly in recent years.
The evolution of GandCrab
The GandCrab ransomware was developed by a team of cybercriminals and actually continues to evolve. To date, there have been five different versions of the malware found on the open internet. As each iteration is analysed and neutralised by technical experts, the hackers find new ways to exploit security holes.
In most cases, a GandCrab attack begins with a phishing attempt or other form of social engineering. For example, you might receive an email that contains a suspicious attachment or URL link. Often the message pretends to be from a legitimate source, like a credit card company, telling you that there is an issue with your account.
If you click on the link or open the attachment, the GandCrab virus loads onto your computer and begins scanning the local hard drive as well as any connected network drives. The malware encrypts every file it finds using a special format that cannot be easily cracked.
If your computer or network is infected by GandCrab, the first thing to do is determine what version of the malware you have by looking at the file extensions that appear on your computer. Version 1 uses .gdcb, versions 2 and 3 use .crab, version 4 uses .krab, and version 5 uses a randomised string of five letters.
How free decryptors work
While cybercriminals continue to develop GandCrab, there is a major effort underway to help victims of this ransomware attack. Cybersecurity specialists have teamed up to build and test decryptor tools, which they have begun to release as free downloads. The tool runs an algorithm against your hard drive to find affected files and convert them back to their original state.
As of today, there are decryptor tools available for versions 1 through 5 of GandCrab. If you need to use one to recover from an attack, be sure to obtain it through a legitimate source, such as a local government or law enforcement agency. Be wary of any GandCrab decryptors that show up on third-party websites, as these may actually be new viruses in disguise.
Moving forward, the ring of criminals behind GandCrab is expected to continue pushing new versions of the malware into the wild. With data being the most valuable resource on the web, they have turned the virus into a mirror image of the legitimate industry known as Software as a Service (SaaS) - they call it Ransomware-as-a-Service (RaaS). The question is whether the decryptor tools will be able to keep up.
Protecting against attacks
If you are part of a business that relies on the internet for day-to-day operations, then it is critical to take measures to protect against cyberattacks like GandCrab. This is especially true if your data and systems interact with customers on the open internet.
The first step to secure your infrastructure and software is to audit your hosting provider. While there are good free hosts to be found, you have to sift through a lot of detritus to find them. Free or very low cost web hosts often use outdated security software on their servers and tend to pay more attention to splashing banner ads and upsells across your screen than securing their service.
Another major risk with the GandCrab malware is the potential for it to spread from one computer or server to another within the same local network. For example, if one user opens a dangerous attachment, it could cause a ripple effect across the entire organisation.
To keep your network safe, IT security officers need a plan in place for when malware is detected. The affected computer should be disconnected from the network immediately so that it can be diagnosed and repaired. There are many smart tools on the market today, including firewalls and intrusion detectors, to alert you the moment an issue occurs.
Nothing guarantees you won’t be bitten by Gandcrab except never using the internet. Not a preferred choice for many people. In order to have the best chance of avoiding this malware, there are a couple of points to make. The first is that everyone in your organisation needs to be educated and trained on the potential risks.
Secondly, given the rise in popularity of telecommuting, all employees should be required to use a virtual private network (VPN) any time they connect to internal company resources from a remote location (like home). Estimates say that one out of four people already use this data encryption tool, thanks to the fits it gives hackers, and use is expected to continue to rise.
The GandCrab form of ransomware represents a significant risk to companies across the globe. If you choose to not properly protect yourself, there is more than a small chance you could lose access to all of the critical data on your local hard drive in an instant.
Fortunately, cybersecurity experts are building decryptor tools to battle against the criminals who designed GandCrab. These tools represent the best chance you have of eliminating a ransomware virus that’s already onboard and returning your system to a working state. Having to pay a large ransom to hackers to recover your encrypted files should be an absolute last resort.
Sam Bocetta, freelance journalist
Image Credit: WK1003Mike / Shutterstock