
Roses are Red, Violets are Blue, GandCrab’s Not Very Romantic

Roses are red

Violets are blue

Don’t click that link

You’ll catch a nasty case of ransomware (unless you’re Russian).


As romantic jingles go it may lack a certain je ne sais quoi, but then again, certain email deliveries being made today don’t really catch the spirit of Valentine’s Day either, with new research by email management company Mimecast showing that the threat actors behind ransomware GandCrab have launched a Valentine’s Day-themed phishing blitz.

A GandCrab ransom screen. Credit: Mimecast

Threat actors typically use holiday seasons and specific calendar dates throughout the year to target victims – often playing on emotions around events such as Valentine’s Day to entice them into clicking on malicious URLs and opening malicious attachments.

Too often they are knocking at an unlocked door – research shows that phishing is still among the greatest cybersecurity risks – and the volumes are huge: Microsoft alone detects approximately 200 million phishing emails monthly.

This week, fraudulent emails offering gifts, flowers and other services are the order of the day. Fake e-greetings, fake online customer surveys, malicious dating apps – used to harvest PII and financial credentials around Valentine’s Day – and more are all involved in the Valentine’s Day blitz by the cybercriminals using GandCrab, Mimecast said.


Features that differentiate GandCrab from other ransomware variants include the adoption of DASH cryptocurrency to enable faster and more secure transactions; the identification of Russian victims (if the ransomware detects a Russian keyboard layout, it terminates execution); and the ability to tailor and send out individual ransom notes to victims (suggesting some element of a targeted attack).

Pro tip: this is not a love letter

The ransomware has been so prolific that cybersecurity company Bitdefender, Europol, the Romanian Police and the FBI have teamed up to release a free GandCrab ransomware decryptor, which allows those impacted to break the malware (up to version 5.03) without paying a ransom.

(The decryption tool can be downloaded from Bitdefender Labs or the No More Ransom website – a joint project between the National Dutch Police and Europol to combat ransomware at the European Union level. GandCrab has infected over half a million victims since it was first detected in January 2018, according to Europol.)


This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.