Malware News GandCrab Ransomware Spreads Via NSA Exploit

silversurfer

GandCrab, a ransomware family that has received numerous updates in recent months, is now attempting to infect Windows XP machines using the NSA-linked EternalBlue exploit.

The malware is usually spreading via spam emails, but GandCrab 4, which first emerged earlier this month, is being distributed via compromised websites, Fortinet says. The malware now appends the .KRAB extension to the encrypted files.
Both the malware executable and the download links are being updated regularly, the security researchers say. In fact, within days after version 4 emerged, the ransomware authors released GandCrab 4.1, which has already shown signs of network communication.

More importantly, as security researcher Kevin Beaumont has discovered, the ransomware is also attempting to spread through the National Security Agency’s EternalBlue SMB exploit.
 
Microsoft was serious about SMB1 already in 2016.
Stop using SMB1. Stop using SMB1. STOP USING SMB1!

Stop using SMB1
