February 14, 2019

Roses are Red, Violets are Blue, GandCrab’s Not Very Romantic

Psssst. It's not really a love letter...

By CBR Staff Writer

Roses are red

Violets are blue

Don’t click that link

You’ll catch a nasty case of ransomware (unless you’re Russian).

As romantic jingles go it may lack a certain je ne sais quoi, but then again, certain email deliveries being made today don’t really catch the spirit of Valentine’s Day either, with new research by email management company Mimecast showing that the threat actors behind ransomware GandCrab have launched a Valentine’s Day-themed phishing blitz.

GandCrab ransomware

A GandCrab ransom screen. Credit: Mimecast

Threat actors typically use holiday seasons and specific dates in calendars throughout the year to target victims – often playing on emotions around events such as Valentine’s Day to entice them into clicking on malicious URLs and opening malicious attachments.

Too often they are knocking at an unlocked door – research shows that phishing is still among the greatest cybersecurity risks – and the volumes are huge: Microsoft alone detects approximately 200 million phishing emails monthly.


This week, fraudulent emails offering gifts, flowers and other services are the order of the day. Fake e-greetings, fake online customer surveys, malicious dating apps – used to harvest PII and financial credentials around Valentine’s Day – and more are all involved in the Valentine’s Day blitz by the cybercriminals using GandCrab, Mimecast said.


Features that differentiate GandCrab from other ransomware variants include the adoption of DASH cryptocurrency to enable faster and more secure transactions; the identification of Russian victims (if the ransomware detects a Russian keyboard layout, it terminates execution); and the ability to tailor and send out individual ransom notes to victims (suggesting some element of a targeted attack).

Pro tip: this is not a love letter

The ransomware has been so prolific that cybersecurity company Bitdefender, Europol, the Romanian Police and the FBI have teamed up to release a free GandCrab ransomware decryptor, which allows those impacted to break the malware (up to version 5.03) without paying a ransom.

(The decryption tool can be downloaded from Bitdefender Labs or the No More Ransom website – a joint project between the National Dutch Police and Europol to combat ransomware at the European Union level.) GandCrab has infected over half a million victims since it was first detected in January 2018, according to Europol.

