Magnitude Exploit Kit (EK) has been found spreading a severe threat called Gandcrab Ransomware, which can infiltrate your system behind your back and encrypt all your personal files without running from a malicious executable file dropped on disk. Getting hit by ransomware is always a nightmare, since there is usually a good chance of losing all your encrypted files unless you have a backup stored somewhere safe, such as in cloud storage or on a removable drive. Right after its release in January 2018, this dangerous ransomware was first distributed in spam emails with a malicious .exe file as the attachment, but the threat keeps changing and surprising its victims as well as malware researchers. In the past few months this major threat, which has infected tens of thousands of computers, has accumulated over $600,000 in ransom fees extorted from unsuspecting victims. And this ransomware seems to go on infecting users as if it were unstoppable. If you find out that your computer has been infected with this nightmarish malware program, you had better act right away and remove Gandcrab Ransomware from your PC.
Although Bitdefender managed to crack this dangerous threat and even released a decryptor to recover victims' encrypted files, this ransomware program just keeps changing its code as well as its distribution method to stay one step ahead of malware hunters. Unfortunately, this seems to be working out well for this malicious program. In the past four months it has received a number of updates and tweaks to keep running. When it first hit the web, the attackers behind this ransomware used the usual and most popular distribution method: spam campaigns.
This means that a malicious executable file, probably called "gandcrab.exe," was attached to a spam mail. Obviously, this file was disguised so that you would think it was an image or document file. Nobody in their right mind would ever run an attachment that is a dodgy .exe file called "imaencryptallyourfilesdude.exe," right? So it had to be presented in a deceptive manner. This spam may have claimed that you had an urgent outstanding invoice to settle, that you provided the wrong credit card information while booking a flight or hotel room online, and the like. It is quite possible that most people would be curious enough to want to see what this mail has to tell them. However, the main trick here is that the message itself reveals no useful information, so you actually have to open the attached file for more details. And that is when the nightmare usually kicks in. This method has been used so many times by ransomware threats, and it still tricks people. What is important to remember is that once you have opened such a spam message and its attachment, it is no longer possible to delete Gandcrab Ransomware without risking the loss of your files to encryption.
However, things have already changed, as we have just mentioned. It seems that these cyber criminals now use social engineering attacks as well as an infamous EK called Magnitude, which has been around since 2014 and has mainly been used for drive-by-download attacks. This EK actually generates more than $60,000 weekly, which would be a relatively nice annual salary for the hard-working general public. This exploit kit used to distribute other notorious ransomware threats like Cerber and Magniber. Now it seems to have switched to GandCrab version 2.0 instead. In this new attack, the EK uses a so-called fileless method. This simply means that the ransomware infection does not operate from a malicious executable dropped on your system (which could possibly be detected by up-to-date malware removers) but runs from your system's RAM instead. This kind of malicious attack can take place for two main reasons. First, your PC is not protected by a powerful anti-malware program like SpyHunter. Second, your browsers and plugins are not updated. This EK is known, for example, to exploit these vulnerabilities: Internet Explorer (CVE-2016-0189) and Flash Player (CVE-2018-4878). No wonder you need to update all your programs regularly for the best security possible.
Once executed, this dangerous ransomware program can encrypt all your personal files after forcing a reboot via explorer.exe. This can easily mean the loss of your photos, audio and video files, documents, databases as well as archives. The encrypted files get either a ".CRAB" or a ".gdcb" extension. The ransom note is called "GDCB-DECRYPT.txt" and it is most likely dropped on your desktop. This note demands that you pay 1.54 DASH (around $750) to get the decryption key. We do not recommend that you ever comply with such demands. There is never any guarantee that you will get anything in return. Such criminals may simply attack you again once you prove to be a good victim who is ready to pay. We believe that it is vital that you remove Gandcrab Ransomware as soon as you notice that this beast has hit you. Remember that prevention is crucial if you want to keep your files and your system safe from such dangerous attacks. While you can try to change your browsing habits to become more cautious, we definitely suggest that you consider installing a reliable anti-malware program as soon as possible.
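The on-disk artifacts named above (the ".CRAB" and ".gdcb" extensions and the "GDCB-DECRYPT.txt" note) are what an analyst would look for when triaging a suspected infection. The following scanner is an added example, not code from this page or from any vendor; the sample tree it builds is constructed and does not come from a real infection.

```python
"""Walk a directory tree and report the GandCrab artifacts this page names:
files renamed with a .CRAB or .gdcb extension and the GDCB-DECRYPT.txt note.
Added triage example; indicator values are taken from the page text."""
import os
import tempfile
from collections import Counter

GANDCRAB_EXTENSIONS = {".crab", ".gdcb"}   # matched case-insensitively
RANSOM_NOTE_NAME = "gdcb-decrypt.txt"       # matched case-insensitively


def classify_path(path):
    """Return 'note', 'encrypted' or None for one file path."""
    name = os.path.basename(path).lower()
    if name == RANSOM_NOTE_NAME:
        return "note"
    if os.path.splitext(name)[1] in GANDCRAB_EXTENSIONS:
        return "encrypted"
    return None


def scan_tree(root):
    """Collect note paths, encrypted-file paths and a per-directory count of
    encrypted files, which shows how far encryption got before it stopped."""
    notes, encrypted, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            kind = classify_path(full)
            if kind == "note":
                notes.append(full)
            elif kind == "encrypted":
                encrypted.append(full)
                per_dir[dirpath] += 1
    return {"notes": notes, "encrypted": encrypted, "per_dir": per_dir}


def demo():
    """Build a constructed sample tree in a temp dir, scan it and return the
    summary with paths made relative to the tree root."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Desktop/GDCB-DECRYPT.txt", "Desktop/photo.jpg.CRAB",
                    "Documents/budget.xlsx.gdcb", "Documents/notes.txt"):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("constructed sample, not real data\n")
        r = scan_tree(root)
        return {"notes": sorted(os.path.relpath(p, root) for p in r["notes"]),
                "encrypted": sorted(os.path.relpath(p, root) for p in r["encrypted"]),
                "per_dir": {os.path.relpath(d, root): n for d, n in r["per_dir"].items()}}


if __name__ == "__main__":
    print(demo())
```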