Cybercriminals Using Innovative GrandCrab for Ransomware Attacks

Cybercriminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants, such as GrandCrab. GrandCrab is the first ransomware to accept Dash cryptocurrency and to be based on a ransomware-as-a-service model that shares profits between malware developers and cybercriminals.

How do you protect your and your clients’ files from cybercriminals? Do you have a backup plan to decrease the risk of losing your important files?

In case of a ransomware attack, SkyFlok has a backup plan for its customers. With SkyFlok, you can recover in no time as we keep all previous versions of your files. Damage to the latest version due to a ransomware attack on your premises does not compromise the past versions.

Subscribe to SkyFlok and protect the privacy of your data and your clients’ data.

In addition, GrandCrab uses .BIT, which is a top-level domain that is served via the Namecoin cryptocurrency infrastructure and uses various name servers to help resolve DNS and redirect traffic to it, the report explained.

The security firm expected version 4 of GrandCrab to be available in July. The latest version renders useless the tool that security researchers created to prevent files from being encrypted.

In addition, Fortinet found that cryptomining criminals are now targeting IoT devices to mine currency. Because IoT devices tend to be always on and connected, this enables attackers to load them with malware that is continually engaged in cryptomining.

Fortinet’s FortiGuard Labs found that 96 percent of firms experienced at least one severe exploit during the quarter. In addition, nearly a quarter of companies saw cryptomining malware, and six malware variants spread to over 10 percent of all organizations. It also detected 30 new zero-day attacks in the quarter.

In terms of botnets, a new Mirai botnet variant called WICKED added at least three exploits to its toolkit to better target unpatched IoT devices, the report found.

VPNFilter, a nation-state-sponsored attack that targets industrial control systems, emerged as a significant threat in the quarter. VPNFilter is particularly devastating because it steals data and disables devices, either individually or simultaneously as a group.

The Anubis variant of Bankbot introduced several innovations, including ransomware, a keylogger, RAT functions, SMS interception, lock screen, and call forwarding. BankBot is a family of banking trojans that targets Android devices and steals credentials from the victim’s device.

Ransomware attacks have plagued healthcare organizations for a number of years. In 2017, the WannaCry ransomware targeted medical devices and caused widespread problems for healthcare organizations, including the UK’s National Health Service. Earlier this year, SamSam ransomware hit a number of healthcare organizations.

SamSam ransomware attacks have netted its creator $6 million so far. Three-quarters of the victims are based in the United States, and the largest ransom paid by an individual victim is $64,000.

Medium to large organizations in healthcare, education, and government make up half of the identified victims. Healthcare victims included Hancock Health Hospital and Adams Memorial Hospital, cloud-based EHR provider Allscripts, and possibly Case Regional Medical Center.

A threat report from security firm Cylance concluded that the healthcare industry is taking the brunt of ransomware attacks.

Ransomware attacks grew three-fold last year, with healthcare being affected the most by this increase, according to data collected from Cylance’s customers.

The most common malware infection vectors remained email phishing and drive-by downloads. System damage and data destruction represented the top risks from malware.

“Cybercriminals are adept at modifying their malware and methods to stay ahead of traditional protections that organizations deploy, as seen by the rise in infections and sophistication of attacks in 2017,” said Cylance Worldwide CTO Rahul Kashyap. “It’s critical that companies are aware of the threats, keep up-to-date with patches, and use defenses that protect against constantly evolving malware.”

Not surprisingly, ransomware attacks concern healthcare IT professionals. According to a survey of HIMSS18 attendees by security firm Imperva, a ransomware attack is the type of cyberattack that most worries healthcare IT professionals. Almost 10 percent of those surveyed had paid a ransom or extortion fee, while almost half didn’t know if they had paid a ransom or not.

Other types of cyberattacks that concerned respondents included insider threats, compromised applications, and distributed denial of service (DDoS) attacks.

More than one-third of healthcare organizations have suffered a cyberattack within the last year, the survey found.

“There have been a number of incidents recently where cybercrime has impacted hospitals and left them unable to access patient data, which demonstrates the consequences of a successful attack. It is crucial that healthcare organizations take steps to protect their data,” concluded Imperva CTO Terry Ray.

Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.