Ransomware disguised as a love letter demands Bitcoin or Dash

chepicap.com, 18 February 2019 05:00 UTC

A new ransomware strain called GandCrab has been doing the rounds lately. It poses as a love letter sent by email. Once it’s infected the victim's computer, it demands either Bitcoin or Dash.

How is #ValentineDay being exploited by threat actors like #GandCrab and what can you do to protect your team? Advice from Threat Labs & @JCDSecurity: https://t.co/DhNBHJ7Fnm pic.twitter.com/iOlX3XDLl1

— Mimecast (@Mimecast) February 14, 2019

A recent report published by Mimecast Threat Labs explains that the GandCrab ransomware strain works by posing as a love letter or something similar. Once opened, the virus encrypts the victim's files and demands Bitcoin or Dash in exchange for decrypting them.

Victims receive an email with a subject line that says “Wrote my thoughts down about you,” or “Felt in love with you.” The only contents of the email are an asterisk and an attached file titled “Love_You_2018_” followed by a string of numbers.
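The three traits described above (subject line, asterisk-only body, attachment name) can be checked together at a mail gateway. The following Python sketch is an added example, not code from the article or the Mimecast report; the sample messages, the `.bin` extension and the quarantine policy are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Indicators as reported in the article; nothing else is assumed about the campaign.
SUBJECTS = {"wrote my thoughts down about you", "felt in love with you"}
ATTACHMENT_RE = re.compile(r"^Love_You_2018_\d+")  # prefix + "string of numbers"

def lure_indicators(msg):
    """Return which of the reported indicators a parsed message shows."""
    hits = set()
    subject = (msg.get("Subject") or "").strip().rstrip(".,!").lower()
    if subject in SUBJECTS:
        hits.add("subject")
    body = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            if ATTACHMENT_RE.match(name):
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            body.append(part.get_content())
    if "".join(body).strip() == "*":
        hits.add("body")
    return hits

def should_quarantine(msg):
    """Hypothetical policy: hold mail with the attachment name plus one more indicator."""
    hits = lure_indicators(msg)
    return "attachment" in hits and len(hits) >= 2

def make_message(subject, body, filename=None):
    """Build a constructed sample message (not captured from a real campaign)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg

# Constructed samples; the ".bin" extension is a placeholder, the article names none.
LURE = make_message("Felt in love with you", "*", "Love_You_2018_4821907.bin")
BENIGN = make_message("Q1 planning notes", "Agenda attached.", "agenda_2019.bin")

if __name__ == "__main__":
    for m in (LURE, BENIGN):
        print(m["Subject"], sorted(lure_indicators(m)), should_quarantine(m))
```

Requiring the attachment name plus a second indicator keeps a single coincidental match, such as a one-character body, from holding legitimate mail.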

Once the attachment has been opened, a popup appears asking if the message should be displayed in English, Chinese or Korean. Once a selection is made, the user’s files are encrypted and cryptocurrency is demanded.

The victims are then told that if they don’t pay within seven days, the ransom will double. According to the report, the attack is quite advanced and even features a live chat window to help those who aren’t sure how to use cryptocurrencies.

Interestingly, the attack seems to deliberately avoid Russian users, and even stops if it detects that the user has a Russian-configured keyboard.
