Porn extortion malware GandCrab is back — and romantic

[harlan4096]

“We hijacked your webcam and nailed you watching porn. And encrypted your data. And now we want ransom.” You may remember that a somewhat similar blackmail scheme saw phenomenal success last year. Well, it seems rumors of the ransomware behind this extortion scam dying are slightly exaggerated.

GandCrab ransomware is back and active as ever. Its developers are constantly launching new versions so as not to lose the hard-won share it currently holds — about 40% of the whole ransomware market. The attackers who rent and propagate GandCrab are also staying current, opting for diversified, creative, and sometimes even romantic tactics to infect victims.

Ransomware for the sentimental

Subject lines with declarations of love may sound appealing, but “My love letter to you,” “Fell in love with you,” and “Wrote my thoughts down about you” actually herald possible disaster. And around Valentine’s Day, Christmas, New Year’s, or your birthday, or even just on a bleak Monday at work, such a message might not even raise alarms. Like every e-mail, however, this kind is worth careful consideration.

The most common variant of a malicious e-mail making rounds these days has a romantic phrase in the subject line, a heart symbol in the body, and an attachment — a ZIP file typically called Love_You followed by several digits. If you extract and execute the JavaScript file that is inside, it’ll download GandCrab ransomware.

Then, you’ll be directed to a note explaining that all of the data on your computer has been encrypted, and you can pay the ransom (likely in bitcoins) to get it back. If you don’t know how to deal with cryptocurrencies, the gang that orchestrated the attack kindly provides a live chat window to teach you how to purchase the necessary amount and pay the ransom.

Full Reading