New ransomware that demands ransom in DASH, explored by Malwarebytes.
According to the experts, the threat was disclosed last week by cybersecurity specialist David Montenegro, after which a number of companies and independent researchers began studying the ransomware.
GandCrab Ransomware - Welcome! WE ARE REGRET, BUT ALL YOUR FILES WAS ENCRYPTED! - .GDCB ... pic.twitter.com/YkYNAAmvgG
— David Montenegro (@CryptoInsane) January 26, 2018
The ransomware is distributed through a malvertising campaign identified as Seamless. It reaches end users through two existing, popular exploit kits, RIG and GrandSoft.
A characteristic feature of GandCrab is that it accepts payment only in DASH. According to experts, the malware's operators are attracted by the high anonymity of this digital currency.
The screenshot above shows that GandCrab initially demands 1.5 DASH to unlock the files, and that the ransom doubles after several days.
Another feature of the new encryptor is its use of censorship-resistant .bit domains from the Namecoin project. Their main feature is that they do not depend on ICANN, the main governing body for domain names. The peer-to-peer design of the network and the absence of an administrative center make it impossible to remove the name.
The malware's control servers are hosted on several .bit domains. The domains are also mockingly named "in honor of" famous companies working in the field of cybersecurity, for example bleepingcomputer[.]bit, nomoreransom[.]bit, esetnod32[.]bit, emsisoft[.]bit, and so on.
At the moment, experts have not yet created a tool to counter GandCrab or to decrypt the affected data.
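A defender-side check that follows from the .bit control domains described above, added here as an example and not taken from the Malwarebytes analysis: because .bit names are not delegated in the ICANN root, any lookup for one in resolver logs is worth triage. The log format, function names and sample log lines are assumptions constructed for illustration; only the four domains come from the article.

```python
from collections import defaultdict

# Domains named in the article, kept in the defanged form it uses.
PAGE_DOMAINS_DEFANGED = [
    "bleepingcomputer[.]bit", "nomoreransom[.]bit",
    "esetnod32[.]bit", "emsisoft[.]bit",
]

# Constructed sample resolver log (assumed format):
# "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2018-01-29T10:01:02Z 10.0.0.15 A www.example.com.
2018-01-29T10:01:05Z 10.0.0.23 A NoMoreRansom.BIT.
2018-01-29T10:01:09Z 10.0.0.23 A emsisoft.bit
2018-01-29T10:02:11Z 10.0.0.31 A bit.example.org
2018-01-29T10:02:40Z 10.0.0.42 A updates.unknown-name.bit.
malformed line without enough fields
"""

def refang(indicator):
    """Turn 'name [.] Bit' or 'name[.]bit' into a plain lowercase name."""
    return indicator.replace(" ", "").replace("[.]", ".").lower()

def normalize(qname):
    """Lowercase a query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def classify(name, known):
    """Return a reason string for a .bit lookup, or None for other names."""
    if name.split(".")[-1] != "bit":      # match the TLD label, not a substring
        return None
    if any(name == d or name.endswith("." + d) for d in known):
        return "page-listed-domain"
    return "namecoin-tld"

def scan(log_text, known):
    """Return {client_ip: [(qname, reason), ...]} for every .bit lookup."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:              # skip lines that do not parse
            continue
        _ts, client, _qtype, qname = fields
        name = normalize(qname)
        reason = classify(name, known)
        if reason:
            hits[client].append((name, reason))
    return dict(hits)

KNOWN = {refang(d) for d in PAGE_DOMAINS_DEFANGED}

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG, KNOWN).items():
        print(client, found)
```

Hosts flagged with `page-listed-domain` match the names in the article; `namecoin-tld` hits are any other .bit lookups and need separate triage.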