The GandCrab2 Ransomware is an encryption ransomware Trojan that has been associated with websites on the Dark Web. The GandCrab2 Ransomware stands out because the people associated with the GandCrab2 Ransomware attack demand a ransom payment using the Dash cryptocurrency rather than the more common Bitcoin. The GandCrab2 Ransomware may be delivered to victims of the attack through the use of compromised spam email messages. These email messages will contain a Microsoft Word file attachment that uses embedded macro scripts to download and install the GandCrab2 Ransomware onto the victim's computer. The GandCrab2 Ransomware is very similar to most other encryption ransomware Trojans and, as in most cases, prevention is the key to defeating these threats.
This Crab will Cause Double Indigestion to Computer Users
The GandCrab2 Ransomware attack is simple. The GandCrab2 Ransomware will encrypt the user-generated files using a strong encryption algorithm. This allows the GandCrab2 Ransomware to take the victim's files hostage. The following are some of the file types typically compromised by a GandCrab2 Ransomware attack:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
The GandCrab2 Ransomware communicates with its Command and Control server to receive data and deliver information about the victim's computer. The GandCrab2 Ransomware will mark the files compromised by its attack with the file extension '.CRAB' added to the end of each affected file's name.
The GandCrab2 Ransomware's Ransom Demand
The GandCrab2 Ransomware demands a ransom payment after taking the victim's files hostage. To do this, the GandCrab2 Ransomware delivers a ransom note contained in a text file named 'CRAB-DECRYPT.txt'. The following is the message that is delivered to victims of the GandCrab2 Ransomware attack:
'We are sorry, but your files have been encrypted!. Don't worry, you can return all your files! We can help you!
Files decryptor price is 500 USD If payment is not made after the cost of decrypting files will be doubled
Time left to double price: [countdown timer]
What happened? Your computer have been infected with GandCrab Ransomware. Your files have been encrypted and you can't decrypt it yourself.
In the network, you can find decryptors and third-party software, but it will not help you and can make your files undecryptable.
What can I do to get back my files? You should buy GandCrab Decryptor. This software will decrypt all your encrypted files and remove GangCrab Ransomware from your PC. Current price: $500.00. For payment you need a cryptocurrency DASH
What guarantees can you give me? You can use test decryption and decrypt 1 file for free.
What is DASH and how can I purchase GandCrab Decryptor? You have a few ways to buy DASH. Abbreviation - DSH.
Buy GandCrab Decryptor
1 DSH = $[current price]
Payment amount [price according to conversion rates] DSH
To complete a payment, please send 0.8095986 DSH to the address:
Protecting Your Data from the GandCrab2 Ransomware
PC researchers strongly advise computer users to refrain from paying the GandCrab2 Ransomware ransom. Instead, computer users should use a security program that is fully up-to-date to remove the GandCrab2 Ransomware and prevent these threats from being installed. The best protection against the GandCrab2 Ransomware is to have file backups on a portable memory device or stored in the cloud.
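The two file-system indicators described above, the appended '.CRAB' extension and the 'CRAB-DECRYPT.txt' note, can be used to check a drive or a backup set before relying on it. The following is an added example, not code from the original page; the function names, the case-insensitive matching and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above. Matching is done in lower
# case (an assumption) so differently-cased copies are not missed.
ENCRYPTED_SUFFIX = ".crab"
RANSOM_NOTE = "crab-decrypt.txt"


def scan_tree(root):
    """Walk root and collect GandCrab2 file-system indicators.

    Returns (notes, encrypted, by_type): paths of ransom notes, paths of
    files carrying the appended '.CRAB' extension, and a Counter of the
    original extensions recovered from names like 'report.docx.CRAB'.
    """
    notes, encrypted, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # The extension is appended, so the original type is the
                # suffix of the name once '.CRAB' is stripped.
                stem = name[:-len(ENCRYPTED_SUFFIX)]
                original = os.path.splitext(stem)[1].lower()
                by_type[original or "(none)"] += 1
    return sorted(notes), sorted(encrypted), by_type


def build_sample_tree(root):
    """Create a constructed directory layout for demonstration only."""
    for rel in ("docs/report.docx.CRAB", "docs/budget.xlsx.CRAB",
                "docs/CRAB-DECRYPT.txt", "pics/cat.jpg.CRAB",
                "pics/dog.jpg", "notes/crab recipes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, encrypted, by_type = scan_tree(tmp)
        print(f"ransom notes: {len(notes)}, encrypted files: {len(encrypted)}")
```

A backup directory that returns any ransom notes or '.CRAB' files was captured after the attack began and should not be treated as a clean restore point.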