- These emails are sent with different subject lines such as "This is my love letter to you" or "Wrote my thoughts down about you."
- The ransom demanded by the attackers in this campaign is believed to be $2,500 per user.
While everyone is engrossed in celebrating Valentine’s Day, GandCrab ransomware has found a new way to reach its targets. Hackers have been observed sending GandCrab-laced phishing emails to infect victims.
According to a report from Mimecast researchers, hackers typically send fake romantic emails to users, with different subject lines such as "This is my love letter to you" or "Wrote my thoughts down about you." Each email contains a malicious zip file with a name similar to Love_You_2018, plus a few random digits. Once opened, this malicious file downloads and launches the ransomware.
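A mail-gateway check for the traits described above, as an added example that is not taken from the Mimecast report or from this article. The attachment regex is an assumption: the article gives only the approximate name (Love_You_2018 plus a few random digits), so the separator and digit count are guesses, and the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures quoted in the article, lowercased for comparison.
LURE_SUBJECTS = (
    "this is my love letter to you",
    "wrote my thoughts down about you",
)
# Assumption: exact naming is not published; allow an optional separator
# and 1-10 digits after "Love_You_2018", case-insensitive.
ATTACHMENT_RE = re.compile(r"^love_you_2018[\W_]*\d{1,10}\.zip$", re.IGNORECASE)


def score_message(raw):
    """Parse one raw RFC 5322 message and report which campaign traits it shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words; collapse folded whitespace.
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    has_subject = any(lure in subject for lure in LURE_SUBJECTS)
    has_attachment = any(ATTACHMENT_RE.match(n.strip()) for n in names)
    # The attachment name alone is enough to quarantine; a lure subject
    # without the attachment is only sent for review.
    verdict = "quarantine" if has_attachment else "review" if has_subject else "pass"
    return {"subject": has_subject, "attachment": has_attachment, "verdict": verdict}


def build_sample(subject, filename=None):
    """Constructed test message; the attachment holds harmless placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, name in [
        ("This is my love letter to you", "Love_You_2018-48213.zip"),
        ("Re: Wrote my thoughts down about you", None),
        ("Quarterly report", "report.zip"),
    ]:
        print(subj, name, score_message(build_sample(subj, name)))
```
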
After the ransomware encrypts all the files on a victim’s machine, it displays a ransom note on the screen. The note contains a link that, if clicked, asks the user to authenticate by uploading a file created by the malware. The note is written in three languages: English, Korean and Chinese.
“When these tactics are successful, threat actors can use the PII exposed in other campaigns, sell it to other threat actors, use it in identity theft or, possibly, blackmail and extort if the attack has been targeted against a specific individual or entity,” said the Mimecast researchers in a blog post.
The ransom demanded by the attackers in this campaign is believed to be $2,500 per user.
Researchers expect that the threat actor group behind GandCrab will continue to evolve the ransomware over the coming 12 months to increase their profits.
“It is likely the threat actor group behind GandCrab will continue to update the code over the coming 12 months, adding new features and ironing out any issues, along with offering GandCrab as a RaaS to increase their profits,” researchers added.