Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    [Heads-up] Double Trouble: Ransomware And File Thief Combined In Nasty Hybrid Malware

    GANDCRAB-RANSOMWARE

    A new malware attack has been detected in the wild. This nasty combines two known pieces of malware: the Vidar data harvesting malware followed by GandCrab ransomware.

    Data Breach Guaranteed

    Vidar exfiltrates a wide variety of data, including passwords, documents, screenshots, stored 2FA information, and cryptocurrency wallets. and sends that to its C&C server. Next, GandCrab encrypts the infected system and displays a ransom demand. This demonic duo adds insult to injury.

    Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to spread a relatively new infostealer called Vidar, which doubled as a downloader for GandCrab.

    Running an infostealer before deploying the ransomware ensures some money for the adversary even if the victim does not pay the ransom. Even if the cybercriminals do not use the stolen data themselves, they can sell it on underground forums. Here is a diagram how this was put together:

    Fallout-Exploit-Kit-Vidar-Malware-GandCrab-Ransomware-Diagram

    Read more at:

    • www.theregister.co.uk: She will lock you out, livin' la Vidar loca: Enterprising crims breed ransomware, file thief into hybrid nasty
    • www.zdnet.com: Double trouble: Two-pronged cyber attack infects victims with data-stealing trojan malware and ransomware
    • www.bleepingcomputer.com: GandCrab Operators Use Vidar Infostealer as a Forerunner
    • www.scmagazine.com: Cybercriminals double up using Vidar and GandCrab in single attacks

    If your users are misbehaving and not using your Acceptable Use Policy in the office or on company laptops on the road or at the house, this can easily happen. You really, really need to step everyone from the mailroom to the boardroom through new-school security awareness training.

    Free Ransomware Simulator Tool

    RanSimFalPos.pngHow vulnerable is your network against a ransomware attack?

    Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 13 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    Get RanSim!
     
    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
     
    https://www.knowbe4.com/ransomware-simulator

     

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews