GandCrab Ransomware Explored

New ransomware accepts only DASH coins and uses .bit domains
05 February 2018   1170

New ransomware, that demans ransom in DASH, explored by MalwareBytes.

As experts say, the threat was revealed last week by cyber security specialist David Montenegro, after which a number of companies and independent researchers began to study the extortion virus.

Ransomware is distributed using a malicious advertising campaign that has the identifier Seamless. To end users, malicious software is delivered through the already existing and popular exploits RIG and GrandSoft.

A characteristic feature of GandCrab is that it accepts payment only in DASH. According to experts, this is due to the fact that malicious software operators are attracted by the high anonymity of this digital currency.


The screenshot above shows that at first GandCrab requires 1.5 DASH for unlocking files, and after expiration of several days the amount of redemption is doubled.

Another feature of neww encryptor is the use of the censorship-resistant .bit domains of the Namecoin project. Their main feature is that they do not depend on ICANN, the main governing body for domain names. Thus, the peer-to-peer network principle and the absence of an administrative center make it impossible to remove the name.

On several .bit domains there are control servers of malicious software. It is also interesting that domains are mockingly named "in honor of" the famous companies working in the field of cybersecurity. For example: bleepingcomputer [.] Bit, nomoreransom [.] Bit, esetnod32 [.] Bit, emsisoft [.] Bit, and so on.

At the moment, the experts have not yet created a tool to counter GandCrab, as well as to decipher the relevant information.

Cryptocurrency CFDs to be available 24/7 in Europe

European brokerage Robomarkets has made cryptocurrency-based CFDs`trading possible for its clients
20 March 2018   309

Today the list of accessible trading instruments includes popular kinds of cryptocurrency: bitcoin, bitcoin cash, dash, ethereum, ripple and litecoin. An investment company Robomarkets registered by Cyprus Securities and Exchange Commission (CYREC) has added CFDs (contracts-for-difference) for constant trading: BTC/USD, ETH/USD, BCH/UCD, DASH/USD, XRP/USD and LTC/USD. The maximum admissible leverage of these instruments is 1:5. They may be traded on such platforms as Metatrader 4, Metatrader 5, Webtrader and also on the Robomarkets`own R Trader terminals. Moreover, the clients can buy cryptocurrencies without swaps (with a leverage value of 1:1) using the R Trader platform.

Robomarkets presented the new concept to its clients and explained that in contrast with the instruments the most CFD traders are used to, cryptocurrencies can be traded 24/7 including on the weekends when fiat currency pairs, stocks and commodities are unavailable for trading operations. This factor gives the traders an opportunity to use more strategies which may take some extra time to add to the common business week.

The Robomarkets` development manager Konstantin Rashap claimed that the company keeps up with modern and cutting-edge technological solutions and would be pleased to offer its clients trading assets of new class. According to his point of view, the aim of adding cryptocurrencies to the list of 8,700 available trading instruments is not only to respond to the clients`demands, but also to improve the services`quality.

Bitcoin and ethereum trading had been firstly launched by Roboforex, the European brokerage`s international sister company in September, 2017. Besides, the Belize-licenced firm added CFDs (bitcoin cash, dash, Ripple`s XRP, litecoin) earlier this year.