Internet users have recently reported being lured into opening phishing emails containing crypto ransomware links. Cybercriminals used the ransomware program ‘GandCrab’ to encrypt victims’ data and demanded a payout in Bitcoin or Dash to unlock the files.
According to a report released by the Mimecast Threat Labs Team, criminals used GandCrab to encrypt users’ files. Victims of the attack were sent emails containing romantic lines, namely ‘This is my love letter to you’, ‘Wrote my thoughts down about you’, ‘My letter just for you’ and ‘Felt in love with you.’
The malicious message contains only an asterisk symbol (*) and has a zip file attached to it. According to the report, the zip file is called ‘Love_You_2018_’ and its name also contains 7 or 8 digits. Those who click the fraudulent link are offered a choice of language (English, Chinese, or Korean), which suggests that the target audience is carefully selected.
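The indicators described above (the lure lines, the asterisk-only body, and the attachment name) can be checked at a mail gateway. The following is an added example, not code from the article or from Mimecast; it assumes the lure lines appear as the Subject header and that the 7 or 8 digits directly follow the prefix in a `.zip` name, and `lure_indicators` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Lure lines quoted in the article; treating them as Subject values is an assumption.
LURE_LINES = {"this is my love letter to you", "wrote my thoughts down about you",
              "my letter just for you", "felt in love with you"}
# Assumption: the 7 or 8 digits directly follow the prefix and the name ends in .zip.
ZIP_NAME = re.compile(r"^Love_You_2018_\d{7,8}\.zip$", re.IGNORECASE)

def lure_indicators(raw_message: str) -> list:
    """Return which of the article's indicators appear in one raw email message."""
    msg = message_from_string(raw_message)
    hits = []
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in LURE_LINES:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name and ZIP_NAME.match(name.strip()):
            hits.append("attachment")
        elif not name and part.get_content_type() == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if body.strip() == "*":  # body is nothing but an asterisk
                hits.append("body")
    return hits

# Constructed sample message (attachment payload is an empty zip archive).
SAMPLE_LURE = """\
From: sender@example.com
Subject: This is my love letter to you
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

*
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Love_You_2018_1234567.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    print(lure_indicators(SAMPLE_LURE))
```

A message matching all three indicators is a strong candidate for quarantine; a single hit on its own is better treated as a signal for review.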
Victims were asked to send digital currency, including Bitcoin and Dash, to a certain e-wallet address. Only after the ransom is paid can they get their files back. In addition, if payment is not made within 7 days, the ransom amount doubles. Notably, people who are not familiar with cryptocurrencies can open a live chat window, which is part of the ransomware, and find information that helps them pay the ransom.
Holidays seem to be a favourite period for attackers, especially those involved in ransomware, Mimecast’s report states. It also identifies several types of emails that may be used by cybercriminals, for example emails offering fake gifts, fake online customer surveys, fake e-greetings, and malicious dating apps.
This ransomware campaign is designed to target lonely hearts in the Valentine’s period. However, Russians remain immune to such attacks because the program can detect Russian computers and leave them alone. The program is considered to be designed in such a way that it does not target Russian users.
Furthermore, GandCrab is classified as ransomware-as-a-service (RaaS), meaning that it is a program offered for hire. It acts as a vendor that offers its services to hackers and other cybercriminals, who can easily use it to capture computer files and demand a ransom.