It was only a few months back that free decryption tools
were made available for GandCrab versions 5.0 to 5.0.3. And, while these tools
are yet to be made public, a new version of GandCrab has appeared. The
developers of GandCrab released the new version, GandCrab v5.1, within
24 hours of the release of the decryption tools.
The latest version of the ransomware comes with a variety of distribution changes and UX updates to the GandCrab TOR sites.
Multiple attack vectors and distribution techniques
Highlighting the ransomware's attack vectors, the
researchers said, “The primary attack vector for ransomware remains RDP ports,
but GandCrab has a diverse array of distribution methods. While RDP-based
ransomware attacks remain popular, automated attacks using exploit kits such as
Fallout EK, Emotet, or credential stealers like Vidar have been linked to
GandCrab infections as well.”