The new findings of GrandCrab ransomware V5.0.5 [source: 360totalsecurity]
by CIRT Team
Recently, 360 Security Center detected that the GandCrab ransomware is back to attack Windows-based servers and PCs. We also found that if it detects that the computer system is using the Russian language, it will stop intruding. Not only that, but we also recently discovered that the GrandCrab ransomware will stop invading war-torn areas.
On 16th October, a Syrian user said on Twitter that GandCrab ransomware encrypted his computer files. Because he couldn’t afford to pay the ransom of up to $600, he could no longer see the photos of the younger son who lost his life because of the war.
The ransomware authors posted an apology statement and released the decryption keys for all Syrian infected people. GandCrab also carried out a V5.0.5 update to exclude Syria from the list of infected areas.
In recent years, GandCrab has gradually broadened its infection channel. The early versions of it have spread through webpages, but the advanced version of GandCrab has spawned the use of mail garbled, mobile storage tools and camouflage or other ransomware. It is also getting more and more refined in its encryption process.
For more, click here.