Blog

Ranstop blocks GandCrab v3 ransomware

Test subject – GandCrab v3 ransomware

We already covered the first version of GandCrab, but since then, two new versions were released. The developers promised to come back after their first command & control servers were seized, and they also managed to add new features to their malicious creation.

Some things didn’t change though, the ransomware still makes use of exploit kits and email campaigns to attack as many people as possible. Their new C2 servers are hosted under some other .bit domains, and the malware attacks the same file extensions.

GandCrab v3 ransomware test facts

The most significant change consists of a new feature that changes the Desktop background, which the malware dynamically builds, personalizing it with the username. It’s not the prettiest, being a low-resolution image, but impacts the user. There’s also a new ransom note. The RunOnce key, which is a new addition in v2, effectively makes sure no files are missed, as GandCrab will start after the forced restart.

Once executed, the files are very quickly encrypted. The background is changed and the ransom note is dropped at the very end, trying to hide its activity from the user, not to raise any immediate suspicions. When encryption is done, the malware restarts the computer and opens a few browser windows as well as the new ransom note. These will supposedly help the user recover the lost files, containing payment instructions and necessary software. Encrypted files can easily be recognized by their new extension, which “.crab”.

We do not know of any free tools able to decrypt the attacked files and paying the ransom is never encouraged.

GandCrab v3 ransomware test results

TEMASOFT Ranstop detects GandCrab v3 ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose her documents.


Click here to watch TEMASOFT Ranstop blocking GandCrab v3 ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023