{"id":17489,"date":"2020-01-20T10:52:16","date_gmt":"2020-01-20T18:52:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/20\/news-11224\/"},"modified":"2020-01-20T10:52:16","modified_gmt":"2020-01-20T18:52:16","slug":"news-11224","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/20\/news-11224\/","title":{"rendered":"New paper: Behind the scenes of GandCrab’s operation"},"content":{"rendered":"

Though active for only a little over a year, GandCrab was one of the most successful ransomware operations and caused a great deal of damage worldwide. Running as a Ransomware-as-a-Service scheme, the malware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers, and regularly included taunts, jokes and references to security organizations and researchers in its code.<\/p>\n

One security vendor that found itself firmly in GandCrab’s firing line was South Korea-based AhnLab<\/em>: GandCrab specifically targeted the company and its anti-malware program V3 Lite<\/em>, even revealing a vulnerability in the security program and making attempts to delete it entirely.<\/p>\n

\"Figure12-GandCrab.png\"AhnLab text string used as a class name in the malware.<\/span><\/p>\n

In a new paper (published today in both HTML<\/a> and PDF <\/a>format), the AhnLab<\/em> Security Analysis Team reveal the full details of the battle that went on between GandCrab and AhnLab<\/em>.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

For more details of GandCrab, also see the VB2019 paper<\/a> and presentation <\/a>by McAfee researchers John Fokker and Alexandre Mundo, who looked both at the malware code and its evolution, and at the affiliate scheme behind it.<\/em><\/p>\n

outertext
https:\/\/www.virusbulletin.com\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"


The GandCrab ransomware regularly updated itself to newer versions to stay ahead of decryptors released by security researchers, and regularly included taunts, jokes and references to security organizations in its code. In a new paper, the AhnLab Security Analysis Team reveal the full details of the battle that went on between GandCrab and AhnLab. <\/p>\n

Read more<\/a> <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-17489","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17489"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17489\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17489"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}