GandCrab Ransomware

The cybercriminals behind GandCrab have added the Vidar infostealer to their ransomware distribution chain, increasing their profits by pilfering sensitive information from the victim before encrypting the computer's files.

Following the trails of a malvertising campaign targeting users of torrent trackers and video streaming websites, malware researchers found that Fallout Exploit Kit was used to spread a relatively new infostealer called Vidar, which doubled as a downloader for GandCrab.

Using a rogue advertising domain, the threat actor triaged visitors of the compromised websites by geolocation and redirected the selected ones to an exploit kit (EK).

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against GandCrab ransomware and similar threats. Make sure you only download legitimate apps from the app store and do not click on suspicious links. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

CVE-2018-19718

Adobe has released a security update for Adobe Connect. This update resolves an important session token exposure vulnerability. This update affects Adobe Connect versions 9.8.1 and earlier.

Source: Adobe

How do you protect yourself?

Adobe recommends users update their software installation to the newest version.

CryptoMix Ransomware

An old family of ransomware has returned with a new campaign which uses information about children stolen from crowdfunding websites and claims that payments made in exchange for unlocking encrypted files will be donated to good causes.

Researchers at cyber security firm Coveware uncovered the new CryptoMix campaign, which appears to make up for the family's lack of notoriety with this unpleasant new trick.

This ransomware attack begins, like many others, with brute force attacks targeting weak passwords on RDP ports. Once inside the network, the attackers harvest the admin credentials required to move across the network before encrypting servers and wiping back-ups.

Victims are then presented with a ransom note telling them to contact the ransomware distributors by email. The note also warns victims not to use any security software against CryptoMix, claiming that doing so could permanently damage the system; this is a common tactic attackers use to dissuade victims from using security software to restore their computers.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against CryptoMix ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.