Thursday, April 25, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Magazine Security VirusBulletin 

New paper: Behind the scenes of GandCrab’s operation

admin

Though active for only a little over a year, GandCrab was one of the most successful ransomware operations and caused a great deal of damage worldwide. Running as a Ransomware-as-a-Service scheme, the malware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers, and regularly included taunts, jokes and references to security organizations and researchers in its code.

One security vendor that found itself firmly in GandCrab’s firing line was South Korea-based AhnLab: GandCrab specifically targeted the company and its anti-malware program V3 Lite, even revealing a vulnerability in the security program and making attempts to delete it entirely.

Figure12-GandCrab.pngAhnLab text string used as a class name in the malware.

In a new paper (published today in both HTML and PDF format), the AhnLab Security Analysis Team reveal the full details of the battle that went on between GandCrab and AhnLab.

 

 

 

For more details of GandCrab, also see the VB2019 paper and presentation by McAfee researchers John Fokker and Alexandre Mundo, who looked both at the malware code and its evolution, and at the affiliate scheme behind it.

outertext
https://www.virusbulletin.com/rss