One set of malware is bad enough for most organizations to deal with, but what should they do when they’re hit with two sets at once?

Hackers are constantly trying to breach the defenses of PC users, but it’s not easy for them to succeed. Defenses are constantly improving and PC users are becoming more security-aware. Attacks, therefore, need to be cleverer and more aggressive for hackers to succeed. One of the newest threats to PC defenses is a combined attack which teams up multiple forms of malware to pack a devastating punch.

In particular, reports are coming in that hackers are combining the data miner Vidar alongside the GandCrab ransomware to maximize their chances of success. And it’s proving to bear fruit for the hackers, so it’s crucial that you understand the risk.

The Double Whammy of Vidar and GandCrab

The combined attack of Vidar and GandCrab was identified by Malwarebytes Labs, who observed that the hack first installs Vidar and then strengthens the attack with GandCrab. Using malicious advertising (malvertising), the hackers expose users to an exploit kit (usually Fallout) which targets vulnerabilities in specific apps. Once this exploit kit has run, Vidar is installed on the infected PC and proceeds to harvest user data such as communications, digital wallet info and login details.

This attack is bad enough, but for the victim, things are about to get worse, as Vidar is capable of downloading additional malware. Using a command and control server to receive and transmit data, Vidar will, a minute after its own installation, download and execute the GandCrab ransomware. It’s true that ransomware has, to a degree, fallen out of favor with hackers over the last year, but it still has the potential to cause severe disruption for organizations. Encrypting files and then demanding a ransom will stifle the productivity of any organization affected, even if backup copies are available.
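The chain described above has a recognizable shape in endpoint telemetry: a browser spawns an executable, that executable talks to the network, and roughly a minute later it spawns a second executable. The script below is an added example for this post (not code from Malwarebytes Labs or the original article) that looks for exactly that shape in constructed process and network events. The browser list, the 90-second window, the event layout and every path and host name in the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Heuristic for the browser -> stage 1 -> stage 2 pattern described in the post.
# The browser list and the window are assumptions, not vendor field names or facts
# about Vidar; the post only says the second stage arrives about a minute later.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}
STAGE_WINDOW = timedelta(seconds=90)


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime      # process creation time
    pid: int
    ppid: int
    image: str        # full path of the executable as logged


@dataclass(frozen=True)
class NetEvent:
    ts: datetime
    pid: int
    dest: str         # destination host as logged


def _basename(image: str) -> str:
    """Lower-cased file name of an image path, accepting Windows or POSIX separators."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_dropper_chains(procs: List[ProcEvent], nets: List[NetEvent],
                        window: timedelta = STAGE_WINDOW) -> List[dict]:
    """Return one alert per browser -> network-active child -> grandchild chain inside `window`."""
    by_pid: Dict[int, ProcEvent] = {p.pid: p for p in procs}
    children: Dict[int, List[ProcEvent]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    net_pids = {n.pid for n in nets}

    alerts = []
    for stage1 in procs:
        parent = by_pid.get(stage1.ppid)
        if parent is None or _basename(parent.image) not in BROWSERS:
            continue                      # only executables spawned directly by a browser
        if stage1.pid not in net_pids:
            continue                      # stage 1 must have talked to the network (C2 / download)
        for stage2 in children.get(stage1.pid, []):
            gap = stage2.ts - stage1.ts
            if timedelta(0) <= gap <= window:
                alerts.append({
                    "browser": _basename(parent.image),
                    "stage1": stage1.image,
                    "stage2": stage2.image,
                    "seconds_between_stages": int(gap.total_seconds()),
                    "c2_hosts": sorted({n.dest for n in nets if n.pid == stage1.pid}),
                })
    return alerts


# Constructed sample telemetry: one infection chain plus two benign browser children.
T0 = datetime(2019, 1, 10, 9, 0, 0)
SAMPLE_PROCS = [
    ProcEvent(T0, 1000, 1, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    # the chain: browser -> stage1 in %TEMP% -> stage2 about a minute later (constructed names)
    ProcEvent(T0 + timedelta(seconds=5), 2000, 1000, r"C:\Users\alice\AppData\Local\Temp\stage1.exe"),
    ProcEvent(T0 + timedelta(seconds=68), 3000, 2000, r"C:\Users\alice\AppData\Local\Temp\stage2.exe"),
    # benign: a viewer the browser opened that never touches the network
    ProcEvent(T0 + timedelta(seconds=30), 2100, 1000, r"C:\Program Files\Viewer\viewer.exe"),
    # benign: a downloaded updater that uses the network but spawns nothing
    ProcEvent(T0 + timedelta(seconds=40), 2200, 1000, r"C:\Users\alice\Downloads\updater.exe"),
]
SAMPLE_NETS = [
    NetEvent(T0 + timedelta(seconds=12), 2000, "c2.example.invalid"),        # constructed host
    NetEvent(T0 + timedelta(seconds=45), 2200, "updates.example.invalid"),   # constructed host
]

if __name__ == "__main__":
    for alert in find_dropper_chains(SAMPLE_PROCS, SAMPLE_NETS):
        print(alert)
```

Only the stage1.exe chain is reported: the viewer never phoned home and the updater never spawned a child, so neither meets all three conditions. On a real estate this heuristic will still fire on legitimate installers launched from a browser, so it is a triage lead to be paired with the file-renaming indicators, not a verdict on its own.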

Protecting Your Organization from Vidar and GandCrab

It’s clear that the two-headed attack of Vidar and GandCrab is particularly nasty and one to watch out for. To understand how to protect your organization from this threat, you need to understand how the attack takes place. As ever, that age-old culprit, unpatched software, is squarely to blame; on this occasion, the vulnerable software is Adobe’s Flash Player and Microsoft’s Internet Explorer.

Anti-malware software is now capable of detecting Vidar once it’s present on your PC, but the easiest option for any organization is to deny it access in the first place. One of the most important security practices to adhere to is installing software patches as soon as they become available. Sadly, this task is often pushed aside by more immediate, pressing matters, which grants hackers more time to find and exploit these vulnerabilities. Yet, with what is usually just a few clicks of a mouse, installing patches promptly closes off these potential security threats.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Defeating a particular strand of ransomware doesn’t mean it’s dead and buried; you only have to take a look at GandCrab to see how it can evolve.

GandCrab first emerged online at the start of 2018 and began to spread rapidly across the globe. Distributed as Ransomware-as-a-Service (RaaS), GandCrab has been able to continue causing chaos thanks to its code receiving regular updates. As ransomware is such a pressing concern at the best of times, the realization that it can evolve so rapidly is very troubling for anyone who goes online.

Due to the economic impact, not to mention the effect on productivity, that ransomware can cause to organizations, we’re going to take a close look at GandCrab to understand how and why it has evolved.

What is RaaS?

GandCrab is classed as RaaS, but what exactly does this mean? Well, RaaS is a model in which ransomware is written by cyber-criminals and then sold on to attackers who may not have the technical knowledge to write their own. Sometimes, however, the attackers may be perfectly capable of writing their own ransomware, but they don’t have the time and are just looking for a quick buck instead. Either way, RaaS is highly popular due to the ease with which it can be deployed and the ready availability of the code. And this is exactly how GandCrab has been operating since the start of the year.

How Does GandCrab Operate?

Rather than concentrating on just one deployment method, GandCrab is particularly virulent thanks to its multifaceted approach, which includes spam emails, exploit kits and malvertising. Once executed, GandCrab begins compiling information on the victim’s PC and scans for file extensions that it’s capable of encrypting. Early versions of GandCrab would encrypt files with a .CRAB extension, but the latest versions have begun encrypting files with randomly generated 5-digit extensions. GandCrab is also different from most other ransomware in that it demands its ransom in Dash, a cryptocurrency which launched in 2015, rather than Bitcoin.
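The renaming behavior just described is something a responder can check for directly. The script below is an added example written for this post (not the post’s own code or any vendor’s decryptor) that walks a directory tree and reports directories where files carry the .CRAB extension or where many files share one unknown five-character extension, the mass-rename pattern ransomware produces and normal use does not. The allow-list of legitimate five-character extensions, the threshold and the sample file names are assumptions for illustration; only the .CRAB extension comes from the post.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path
from typing import List, NamedTuple, Optional

# .CRAB is the extension the post attributes to early GandCrab. The allow-list of
# legitimate five-character extensions and the threshold are assumptions made for
# this example, not GandCrab-specific facts.
RANDOM5 = re.compile(r"^[A-Za-z0-9]{5}$")
KNOWN_FIVE_CHAR = {"xhtml", "shtml", "ipynb", "jsonl", "woff2", "plist",
                   "class", "swift", "patch", "dylib", "pages"}


class Finding(NamedTuple):
    directory: str
    extension: str
    count: int
    reason: str


def suspicious_extension(name: str) -> Optional[str]:
    """Return the lower-cased suspicious extension of a file name, or None if it looks normal."""
    ext = Path(name).suffix[1:]          # suffix keeps the dot; drop it
    if not ext:
        return None
    low = ext.lower()
    if low == "crab":
        return low
    if RANDOM5.fullmatch(ext) and low not in KNOWN_FIVE_CHAR:
        return low
    return None


def scan_tree(root: str, threshold: int = 5) -> List[Finding]:
    """Walk `root` and report directories showing GandCrab-style renaming.

    Any .crab file is reported on its own, because that extension is specific to the
    family. An unknown five-character extension is reported only when at least
    `threshold` files in the same directory share it, which separates a mass rename
    from the odd oddly named file.
    """
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        per_ext = Counter(e for e in map(suspicious_extension, files) if e)
        for ext, n in per_ext.items():
            if ext == "crab":
                findings.append(Finding(dirpath, ext, n, "known GandCrab extension"))
            elif n >= threshold:
                findings.append(Finding(dirpath, ext, n, "mass rename to unknown 5-char extension"))
    return sorted(findings)


def build_demo_tree(root: str) -> None:
    """Create a constructed sample tree: two encrypted-looking folders and one benign one."""
    finance = Path(root, "finance")
    finance.mkdir()
    for i in range(6):                    # every file given the same random-looking extension
        (finance / f"budget_{i}.xlsx.kqzvt").write_text("ciphertext placeholder")
    legacy = Path(root, "legacy")
    legacy.mkdir()
    for i in range(2):
        (legacy / f"memo_{i}.docx.CRAB").write_text("ciphertext placeholder")
    web = Path(root, "web")
    web.mkdir()
    for name in ("index.xhtml", "notes.txt", "analysis.ipynb", "font.woff2", "a.zzzzz"):
        (web / name).write_text("benign")  # one stray 5-char extension stays below threshold


def run_demo() -> List[Finding]:
    """Build the sample tree in a temp directory, scan it, and return findings with relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return [f._replace(directory=os.path.relpath(f.directory, tmp)) for f in scan_tree(tmp)]


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.directory}: {f.count} file(s) with .{f.extension} ({f.reason})")
```

Run against a real file share, scan_tree reports the finance folder (six files sharing .kqzvt) and the legacy folder (two .CRAB files) while ignoring the web folder, whose single .zzzzz file is below the threshold. A hit on the random-extension rule is a prompt to check the affected host for the process that wrote those files, which is where the earlier process-chain check picks up.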

The Evolution of GandCrab

In total, there have been five versions of GandCrab released since its initial detection. As GandCrab is a RaaS, its writers are keen to keep the money flowing in, and this has fuelled their determination to update their product. Those who were infected by versions 1.0 and 1.1 were in luck early on, as BitDefender managed to code a decryptor to retrieve files which had been compromised. However, this setback only served to inspire the hackers behind GandCrab to update the code significantly in GandCrab 2.0. Since then, less significant but regular updates have allowed GandCrab to stay ahead of the security experts and keep their product bringing in its illicit income.

Can GandCrab be Defeated?

Despite the strength of GandCrab’s defenses, it appears that the security experts may be getting closer. Recent developments have seen BitDefender refining their decryptor software to unlock files encrypted by GandCrab versions 1, 4 and 5. Unfortunately, progress on decrypting files encrypted by versions 2 and 3 has been much slower, and these files remain encrypted unless the victims are willing to pay the ransom. Ultimately, the best way for your organization to protect its data from ransomware such as GandCrab is to follow security best practices so that you never have to decrypt any files at all.

For more ways to secure and optimize your business technology, contact your local IT professionals.
