Friday, March 29, 2024

Gandcrab Ransomware Attack on Chinese Government Internal Network

Hackers launched ransomware attacks on Chinese Government department and infected their internal computer network to lock the file and demand the ransom.

The Gandcrab Ransomware is a widespread Ransomware, nowadays it evolves with newly updated features under constant development, to target various countries.

Cybercriminals initiated this attack from outside of the country to target the government departments network.

The attack starts from March 11, 2019, using recently updated GANDCRABV5.2 latest upgraded ransomware version in February 2019 with newly added functionalities.

Gandcrab ransomware was distributed through various form of attacks such as social media campaigns, exploit kit, weaponized office documents, and compromised websites.

In this case, attackers launched this ransomware via spam email campaign with a malicious file attachment which has dropped into the Chinese Government network.

China’s National Network and Information Security Information Center have reported to the country officials that attackers are targeting government department website emails to drop this Gandcrab ransomware.

Malicious Emails contain version 5.2 of the GandCrab ransomware hidden as an archive named “03-11-19.rar.”

Further investigation reveals that it will encrypt the hard disk data of the user host and let the victim user access the URL to download the Tor browser.

In this case, Attackers demand the ransom via digital currency, for that ransomware open the digital currency payment window and asks the victim to pay the ransom.

The demanded ransom sum is not disclosed in the statement and Chinese government officials are yet to disclose the damages that caused by this Ransomware attacks.

All units are required to conduct risk warnings, investigate, and report any future attacks. Officials said.

Related Read : Ransomware Attack Response and Mitigation Checklist

Previous GandCrab Ransomware Attacks

Torrents Sites Banned A Famous “CrackNow” Torrent Uploader that sharing GandCrab Ransomware

Beware of Malicious Word Documents that Downloads the Ursnif Malware and GandCrab Ransomware

Hackers Launching Fallout Exploit Kit with New Flash Exploits That Delivers GandCrab Ransomware

Hackers Launching Gandcrab Ransomware via Super Mario Image Using Weaponized Excel Document

New Malvertising Chain that Steals Confidential Information and Encrypts With GandCrab Ransomware

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles