Email Love Letter GandCrab Infects Files, Orders to Send Bitcoin or Dash in New Ransomware Threat
New ransomware is affecting single individuals around the world. The ransomware is called GandCrab, and it reaches victims by posing as a love letter sent via email. Once the victim is infected, they receive a message requesting payment in Bitcoin (BTC) or Dash (DASH).
The information about this ransomware has been published by the Mimecast Threat Labs Team. According to their report, the GandCrab ransomware encrypts victims’ files after sending them messages styled as a love letter or declaration of love.
The victims have received an email with these subjects:
“Wrote my thoughts down about you” and “Felt in love with you.”
If the victim opens the email, they will see an asterisk and an attached file whose name begins with “Love_You_2018_” followed by some random numbers.
Users who opened the attachment received a message in English, Korean or Chinese in which the hacker says that this is a ransomware attack and that they should pay a ransom to unlock their files.
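As a mail-filtering illustration of the indicators above (an added example, not code from Mimecast or from the original article), the following Python checks a message for the two reported subjects and the “Love_You_2018_” attachment prefix. The digit pattern, the acceptance of any file extension, the function names and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Lure indicators quoted in the article (from the Mimecast Threat Labs report).
LURE_SUBJECTS = {
    "wrote my thoughts down about you",
    "felt in love with you",
}
# Assumption: "random numbers" means one or more digits after the fixed prefix.
# The article gives no file extension, so any (or no) extension is accepted.
LURE_ATTACHMENT = re.compile(r"^love_you_2018_\d+(\.\w+)*$", re.IGNORECASE)


def lure_indicators(raw_message):
    """Return the article's lure indicators found in one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words; collapse whitespace and
    # casefold so trivial variations of the subject still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).casefold()
    if subject in LURE_SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if LURE_ATTACHMENT.match(name):
            hits.append("attachment:" + name)
    return hits


def build_sample(subject, attachment_name=None):
    """Build a constructed test message (placeholder content, not a real sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("*")  # the article says the body shows only an asterisk
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    sample = build_sample("Felt in love with you", "Love_You_2018_12345678.bin")
    print(lure_indicators(sample))
```

A message that matches on both subject and attachment name is a strong quarantine candidate; a subject-only match is weaker and better treated as a signal for review.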
On Twitter, Mimecast released a post in which they explain how to avoid being attacked by these hackers.
How is #ValentineDay being exploited by threat actors like #GandCrab and what can you do to protect your team? Advice from Threat Labs & @JCDSecurity: https://t.co/DhNBHJ7Fnm pic.twitter.com/iOlX3XDLl1
— Mimecast (@Mimecast) February 14, 2019
Users affected by this ransomware have to pay within 7 days in either Bitcoin or Dash. If they do not pay, the attacker sends a message informing them that the amount they have to pay will increase. It seems that not only cryptocurrency users are targeted. There is a chat window that allows affected users to receive information about how to deal with virtual currencies, how to purchase them and how to pay the ransom.
Thus, this attack seems to be much more advanced than other attacks that have been spreading on the internet before. It is also worth mentioning that the attacker seems to be avoiding Russian users. The attack detects whether users are using a Russian-configured keyboard.
GandCrab is currently classified as Ransomware-as-a-Service (RaaS). That means that there are companies or bad actors that purchase the service from vendors on the darknet. During the last few weeks, the ransomware has been expanding all over the internet.
As virtual currencies have expanded all over the world, new ways of stealing users' funds have appeared. Cryptocurrency exchanges have been affected in recent years. Billions of dollars have been lost to hackers since Bitcoin was released to the market more than 10 years ago.
One of the latest hacks affected the New Zealand-based crypto exchange Cryptopia. The firm lost more than $2.4 million in virtual currencies back in January 2019. So far, users have not gotten their funds back.