silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,154
GandCrab, a ransomware family that has received numerous updates in recent months, is now attempting to infect Windows XP machines using the NSA-linked EternalBlue exploit.
The malware is usually spreading via spam emails, but GandCrab 4, which first emerged earlier this month, is being distributed via compromised websites, Fortinet says. The malware now appends the .KRAB extension to the encrypted files.
Both the malware executable and the download links are being updated regularly, the security researchers say. In fact, within days after version 4 emerged, the ransomware authors released GandCrab 4.1, which has already showed signs of network communication.
More importantly, as security researcher Kevin Beaumont has discovered, the ransomware is also attempting to spread through the National Security Agency’s EternalBlue SMB exploit.