Ransomware is one of the most brutal forms of malware in the wild today. Because it locks up all of a computer's files and demands payment to get them back, it basically renders a machine inoperable.
Criminals who create malware don't give up easily. Once a particular type is more or less shut down by security software, they come up with a new one to cause more trouble. One of the biggest names in ransomware recently is GandCrab. Let's take a look at its history and what you should know about it.
What Is GandCrab?
GandCrab is an aggressive form of ransomware that's been in the public eye for several months. It was first detected in January 2018 and has been causing problems since.
As you'd imagine, it follows standard ransomware behavior. Once it gets on a computer, it encrypts all the files and tells you to pay up if you want to get them back. The ransom can be anywhere from $300 all the way up to $6,000. To keep everything under wraps, it requires payment through virtual currencies like Bitcoin because they're essentially impossible to trace.
Playing Whack-a-Mole With Law Enforcement
Because GandCrab has spread so widely, various law enforcement entities and security companies have worked together to combat it. In February 2018, the police of Romania, along with Bitdefender and Europol, created a tool, available at No More Ransom, to decrypt the first version of the ransomware.
However, the malware developers fought back. They released "improved" versions of GandCrab to get around these decryption tools, even mocking the good guys in the process. GandCrab has gone through several more iterations over the last year. It's helped along by malware developers offering small-time crooks a chance to inflict it upon people in exchange for a cut of the ransom.
Thankfully, the teams working to fight against this have updated their tool. It now covers almost every version of GandCrab and can decrypt victims' files for free. As of February 2019, Bitdefender reports it has helped nearly 20,000 people recover their files and save $18 million.
Dealing With Ransomware
As we've discussed before, ransomware is a threat, but you can protect yourself against it with a few important steps.
The most important is to keep regular backups of your files. You can do this on an external hard drive, cloud tool, or similar, but backing up consistently is key. If you do get hit by ransomware, it doesn't sting nearly as much if you have another copy of the files you can restore.
If you're a Managed Services client, we handle backup of important files for you. But you should make sure you're backing up your machines at home in case they get hit. The same goes for security software: Bitdefender, which we use for our clients, protects against these attacks. You must make sure you use a reliable and updated security tool on your own computers.
Aside from this, you have a better chance of steering clear of ransomware if you avoid suspicious content. Don't click on any links in emails, and certainly don't open any attachments that you aren't 100% sure about. Only download software from sources you trust, and watch that you don't accidentally click on any malicious ads.
Whatever you do, do not pay the ransom that the attackers demand. There's no guarantee that you'll actually get your files back if you do, and paying up rewards this despicable behavior with money, encouraging them to keep doing it.