GandCrab v4 evolving: new version of the virus detected weekly

It was believed that GandCrab ransomware was a one-time thing, but the virus evolves, and does so fast

GandCrab ransomware now has more than five versions and is one of the most dangerous at the time. This is also because of the latest GandCrab v4 ransomware. Various teams of experts are monitoring this version because its code keeps changing and different versions are released within a short time. It all started with the v4.1 version, which came to light right after the main GandCrab v4 variant, but it is known that the developers create various internal versions. These new versions with modified code are now called GandCrab v4.x ransomware, because there is already a v4.3 version and the code keeps changing internally.

This ransomware activity caught the Esolutions team's attention after the vaccine for the GandCrab v4.2 version came out. It was revealed that the Salsa20 stream cipher had been added as a feature of the virus. Because of this, the vaccine app makes it possible to trick the virus and prevent data encryption. Every ransomware attack starts with the creation of a .lock file, because the virus scans the system to find out whether this PC was locked before or not. The app creates this file beforehand, so the virus scans the device and treats it as already encrypted. It works exactly like a preventive vaccine. It is only a question of time until this app starts to work on previous versions of this ransomware.

One of the most dangerous

GandCrab ransomware was developed in January this year, and much has changed since then. This ransomware was different from the others because of its encryption methods: it used a few different codes at the same time. Despite this, the decryption tool was discovered quite fast. It was decryptable, and everyone started to think this was the end, but a few months later the second variant came to light. Then summer came, along with all the latest versions of this virus and all the related problems.

Decryption works on the first version, but the code of every variant after that has been changed. Even small changes make decryption impossible later on, so each version is dangerous in its own way. Ransomware viruses are in general the most dangerous type of virus because of the ransom demand. Each developer decides to ask for a different amount of cryptocurrency. Any contact between the victim and the cybercriminals can lead to data or money loss. Files often get encrypted twice, so the alleged decryption key from the developers, or a tool created by researchers, does not work.

Ways of keeping your system safe

The best and safest way to avoid ransomware viruses is to clean and update your PC in time, without forgetting to clean out your spam email box. Emails that automatically fill that box can be infected, not just filled with commercial content. Safe-looking files attached to these emails are often filled with macro viruses. Immediately after you download and open the email, you get an infection on your device. Keep your email box clean and delete these suspicious emails without opening them.

Updating your software, tools or programs can be beneficial, since virus developers use vulnerabilities to their advantage. There is also a rule in the cybersecurity world that you need to get your software and updates from legitimate, certified and known sources if you want to be safe. Any free-sharing network might have updates or software bundled with PUPs or other intrusive programs.

Another rule is to use anti-virus, anti-malware, and anti-spyware tools. You should keep these programs on your device and up to date. These tools can detect possible threats, and anti-malware tools can terminate various infections and malware. They are useful for virus removal and for preventing repeat infections.

