GandCrab ransomware, which has created itself in the Internet security industry with its constant evolution, has again provoked turmoil. The latest version of ransomware uses SMB exploit spreader via exposed sites. The ransomware adds new features every day to target different countries.
Attackers behind the ransomware scan the entire internet to find vulnerable sites to launch the attack. The most recent version includes a long hard-coded list of websites that were vulnerable and used to perform the attack.
A false random algorithm has been used by attackers to select a predefined word to fill in the URL for each host, and the final URL is created as "www. Host ».com / data / tmp / sokakeme.jpg«.
According to several reports, this newer version of ransomware can be spread through an "SMB exploit". Interestingly, the same exploit was used to spread the WannaCry and Petya / NotPeta ransomware attacks last year.
To spread through SMB vulnerabilities, the entire ransomware code was rewritten and malware is now using EternalBlue National Security Agency (NSA) exploits to attack more quickly.
A survey suggests that a section called "network f ** ker" is responsible for SMB exploits.
Fortinet, an internet security company, said "With GandCrab's rapid development last week and the public speculation of this exploit, it would not be surprising if the attackers behind it decided to add it to a future update."
However, Microsoft has turned its attention to ransomware and has created a MS17-010 security patch. To protect your system, make sure it is up to date with the latest security version.