Grandcrab uses Windows security gap
Blackmail Trojan attacks via manipulated websites
Have you heard of Grandcrab? It is a blackmail Trojan that was initially sent to companies in the form of applications. But now Grandcrab is attacking private computers too.
Find out with us how the Trojan spreads and how you can protect yourself.
Grandcrab exploits gaps in Windows and Flash Player
The ransomware Trojan initially became known because it was sent to companies in the form of applications. It was hidden in an attachment, like Locky and others. It is not new, however: it appeared for the first time six months ago, but it only really got going a few weeks ago. Almost two years ago, Bad Rabbit was doing a similar thing.
But now Grandcrab has changed its behavior. The Trojan has exploited a security gap, in fact two security gaps! These are in Windows and Flash Player, but there are already updates for both.
Ransomware Grandcrab encrypts files
Security firm FireEye reports that the ransomware Grandcrab is using a new exploit kit on compromised websites. This exploit kit not only introduces the Trojan but also other malicious software.
So far, only the Asian region has been affected, but the blackmail Trojan will spread. It’s not known how quickly that will be. But it would be best to update your software now if you haven’t already done so. The Windows vulnerability can be closed with the August update. Check out our blog post to determine if your software is up to date – Windows 10 version. Be sure to follow the update notifications and update your software.
What is Grandcrab doing?
Grandcrab is a classic blackmail Trojan. That means it will encrypt your data once it is on your computer. Similar Trojans are DoubleLocker or Lukitus. They all have only one goal: they want to blackmail you for money. The criminals promise to decrypt your data once you have paid them. The current Trojan demands $500 in Bitcoin, which is currently 0.08 Bitcoin.
There is no guarantee of decryption. Therefore, experts advise not to respond to the demand. In some cases, security experts can provide decryption tools, but this does not always work.
Data encrypted – What can you do?
If your data is encrypted, try to keep calm. Disconnect your computer from the network so that the Trojan cannot follow up with more malicious software, which would mean even more damage. Hopefully you have made regular backups; then you can easily restore your encrypted data.
If you do not have a backup, you have to hope for a decryption tool. To avoid ever getting into this situation, never open attachments of unknown origin and do not click on links that you receive unexpectedly by e-mail. Of course, you can also get help from your local IT Service Provider. With our backup service, you are safe from losing your data. We also recommend suitable virus protection. If the worst happens and you have already been affected, we can help with a professional virus removal.