The malware developers started by publishing the least well-built malware that could possibly work, and improved it as they went along.
Given this, and given that this newest version was released within the week, the bottom line seems to be: It’s the year 2018, even ransomware is agile,” reads an upcoming report to be released by Check Point.
Early February experts at cyber security firm LMNTRIX discovered a new ransomware-as-a-service dubbed GandCrab, advertised in the Russian hacking community on the dark web.
Researchers noticed that authors leverage the RIG and GrandSoft exploit kits to distribute the ransomware strain. It has been estimated that the GandCrab strain has managed to infect approximately 50,000 computers, most of them in Europe, in less than a month asking from each victim for ransoms of $400 to $700,000 in DASH cryptocurrency.
“GandCrab is the most prominent ransomware of 2018. By the numbers this ransomware is huge,” explained Yaniv Balmas, security research at Check Point.
Balmas compares GandCrab to the notorious Cerber family, and the expert also added that GandCrab authors are adopting a full fledged agile software development approach, the first time in ransomware history.
“For those behind GandCrab, staying profitable and staying one-step ahead of white hats means adopting a never-before-seen agile malware development approach, said Check Point.” reported Threat Post.
“Check Point made the assessment after reviewing early incarnations of the GandCrab ransomware (1.0) and later versions (2.0).” More at: http://securityaffairs.co/wordpress/70326/malware/gandcrab-ransomware-agile-dev.html
Free Ransomware Simulator Tool
How vulnerable is your network against a ransomware attack?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 13 infection scenarios and show you if a workstation is vulnerable to ransomware infection.