CYBER NEWS

Killswitch File Now Available for GandCrab v4.1.2 Ransomware

The South Korean company AhnLab has developed a killswitch for the latest version of the virus, which calls itself v4.1.2, causing the ransomware to stop functioning.




AhnLab has reportedly analyzed the internal version 4.1.2 of GandCrab ransomware, which is part of the 4.1 version and uses the .KRAB file extension after file encryption. Researchers then designed an app that works as a defensive measure and can be dropped on users' computers before they become infected with GandCrab 4.1.2. For the defense tactic to work, you will need to get the file, which has a string in its name and has the .lock file extension. Such .lock files are essential to GandCrab's way of operation, and here are the steps in which they are created:

Step 1: GandCrab 4.1.2 infects your computer and encrypts your files.
Step 2: The virus creates a .lock file with a mutex, which the virus scans for, comparing the file to the .lock files of other infected computers.
Step 3: If the .lock file already belongs to GandCrab's list of infected computers, the virus shuts down and doesn't encrypt anything, to prevent double encryption and infection from taking place.

Researchers have cleverly devised such a .lock file, which acts as a killswitch, and the whole app can be downloaded from the following link (also available on asec.ahnlab.com/1145):

Download

GandCrab Killswitch


IMPORTANT NOTICE! Your antivirus may detect the killswitch as a virus, but it is also available on AhnLab's research site above, and we believe that the file can be trusted because it is not actual GandCrab but merely a method used to prevent the actual threat, so be advised to disable your antivirus and anti-malware software before downloading the file.

After downloading the file, victims should save it either in the %Application Data% directory for older Windows versions or in the %ProgramData% directory for Windows 7 and newer versions of the operating system. This prevents your computer from certain file encryption, even if GandCrab v4.1.2 has already infected the machine.
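An added example (not from AhnLab or the original article): a PowerShell check that the killswitch file is actually present in the directory described above. The file name is a placeholder, because the article does not give it; `CommonApplicationData` resolves to `%ProgramData%` on Windows 7 and newer and to the shared Application Data folder on older versions.

```powershell
# Added example: verify that a killswitch .lock file is in place on this host.
param(
    # Placeholder (assumption): the article does not state the real file name.
    [string]$ExpectedName = 'PLACEHOLDER-name-from-vendor-advisory.lock'
)

# Resolves to C:\ProgramData on Windows 7 and newer, and to
# "...\All Users\Application Data" on older Windows versions.
$dir = [Environment]::GetFolderPath('CommonApplicationData')

# Collect every .lock file directly in that directory (hidden ones included).
$locks = @(Get-ChildItem -LiteralPath $dir -Filter '*.lock' -Force -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer })

# Exact-name match only: an unrelated .lock file does not count as the killswitch.
$hit = $locks | Where-Object { $_.Name -eq $ExpectedName } | Select-Object -First 1

$lastWrite = $null
if ($hit) { $lastWrite = $hit.LastWriteTime }

$others = ($locks | Where-Object { $_.Name -ne $ExpectedName } |
           ForEach-Object { $_.Name }) -join ', '

$report = New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    Directory    = $dir
    ExpectedName = $ExpectedName
    Present      = [bool]$hit
    LastWrite    = $lastWrite
    OtherLocks   = $others
}
$report | Format-List

# Non-zero exit code lets a deployment tool flag hosts where the file is missing.
if (-not $report.Present) { exit 1 }
```

A `Present` value of `True` only confirms the file is where the article says to put it; it says nothing about other GandCrab versions.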




New Updates in GandCrab v4.1.2

GandCrab is the type of ransomware that has been spreading and infecting computers since January 2018. The virus has undergone major changes since then, using fake dental records and other fake .exe files to infect users' PCs. The malware, which preyed on users who had SMBv1 enabled on their machines, has been updated to a 4.1 version, which has evolved into its current 4.1.2 internal variant. The latest version of GandCrab is using more and more methods to spread, like the newer EternalBlue exploits used in the WannaCry outbreak that happened back in 2017. But at the same time, this newer version of the virus has also stopped using some older exploits, like SMB, to infect computers, suggesting that newer operating systems are being targeted. One thing has remained certain: GandCrab still uses the same methods to spread, and they are not likely to be automatic, since the virus uses spam e-mails with malicious attachments of all types and may also upload the infection files to suspicious and low-reputation sites. It is strongly advisable to apply proper anti-malware protection and also make sure to learn how to safely store your important files in order to protect yourself from malware infections like GandCrab (see related articles below):

Related: Protect Yourself from Getting Infected by Malicious E-mails

Related: Safely Store Your Important Files and Protect Them from Malware

Ventsislav Krastev

Ventsislav has been a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, and helping victims with the latest malware infections, as well as testing and reviewing software and the newest tech developments. Having graduated in Marketing as well, Ventsislav also has a passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecurity industry and is a strong believer in the education of every user towards online safety and security.
