in a lesser-known form of cryptocurrency. First seen on January 26, GandCrab has been spotted being distributed by two exploit kits, RIG EK and GrandSoft EK. According to researchers at security company Malwarebytes, it's unusual in itself for ransomware to be pushed using an exploit kit, with such tactics usually reserved for trojans and coin-miners. An exploit kit is used by cybercriminals to take advantage of vulnerabilities in systems in order to distribute malware and perform other malicious activities. In contrast, ransomware is usually delivered by spam email. The only other form of ransomware known to be consistently distributed with an exploit kit is Magniber. GandCrab is distributed via the RIG exploit kit, which uses vulnerabilities in Internet Explorer and Flash Player to launch JavaScript, Flash, and VBScript-based attacks to distribute malware to users. It's possible that RIG spreads GandCrab to victims using malvertising on compromised websites, in an attack method similar to that used by Princess ransomware. GandCrab is also distributed using GrandSoft, an exploit kit which first appeared in 2012 but was thought to have disappeared. The GrandSoft EK takes advantage of a vulnerability in the Java Runtime Environment which allows attackers to remotely execute code, and in this case is used to distribute GandCrab. Once the payload has been dropped and run on a compromised system, GandCrab, for the most part, acts like any other form of ransomware, encrypting Windows files using an RSA algorithm and demanding payment for the 'GandCrab Decryptor' required to unlock the files. The encrypted files gain a .GDCB extension, with the encryption loop designed in such a way that it will eventually affect every file on the drive. However, unlike many forms of ransomware, GandCrab doesn't demand payment in bitcoin, but rather in a form of cryptocurrency called Dash.
Those behind the ransomware demand 1.5 Dash (listed on the note as $1,200, although the fluctuating prices mean it's ever changing) as a ransom, a price which doubles to three Dash ($2,400) if it isn't paid within a few days. The demand for payment in Dash represents the latest example of ransomware distributors attempting to move away from bitcoin and onto other cryptocurrencies, for reasons ranging from increased privacy and security to other forms of blockchain-based virtual currency being less popular than bitcoin and therefore quicker to process. There's currently no means of decrypting GandCrab ransomware files for free, meaning the best way to avoid falling victim is to apply all software updates and patches so that the vulnerabilities exploited by the exploit kits can't be used to distribute ransomware from infected sites.
Hacking has long been thought of as a sort of black magic whose incantations are made using keyboards. That is, until 2016, when the John Podesta email hack made big enough news that hackers’ dirty secret got out: many breaches have less to do with coding skills and much more to do with classic trickery, albeit in digital form. Web users simply get duped into entering their usernames and passwords onto fake websites. With that information, it doesn’t take any special cleverness to hack a system. The attacker has the keys. The chief tool hackers use to lure unsuspecting people to these phony websites is email. When the victim works at a company of some kind, those credentials might provide cyber-criminals with access to more than just email. The same credentials might also provide access to intranets, servers and sensitive data. Executives are looking hard for ways to protect their operations today without cramping employee productivity. One method many might be looking at is virtual machines, workspaces that run software on the cloud but look to the user just like a normal desktop. As counter-measures go, muckraking news outlet The Intercept has sung its praises. As it happens, Amazon Web Services announced a new offer on its blog Thursday—40 hours of virtual machinery free to users and companies that might want to try it out. Windows 7 and Windows 10 experiences are available. Working inside a window into the cloud protects physical devices from evil code a user might get tricked into initializing. Called WorkSpaces, it can give staff access to all of a company’s data and tools from anywhere. If an employee is working from home and gets hit by ransomware, it encrypts everything on the hard drive and demands payment in bitcoin to set data free.
If the ransomware got run on the employee’s actual machine, all the music, photos and personal documents stored there would be locked up too. On a virtual machine, though, only the virtual device gets hit. All that personal data stays safe. If a user clicks on a link in a malicious email and accepts a prompt to enter their user name and password on a phony website, there is nothing about a virtual machine that will prevent that information from getting lost. That’s why it’s good for companies to have more robust sign-ons, such as using two-factor authentication. More sophisticated hackers might try to get specific credentials for high-level employees in order to impersonate them digitally. For example, an attacker could send an email from an executive’s email address, Jakobsson explained, directing bookkeepers to wire money to a specific account for phony services. The FBI has estimated that such scams have cost companies $5 billion over the last few years. A virtual machine can’t prevent that trick. Carbon Black delivers security services over the cloud, spotting attacks and detecting intruders. “The majority of leading cybersecurity researchers are not yet ready to give all the power to the machines just yet,” Rick McElroy, a security strategist there, wrote the Observer, via a spokesperson. “User awareness and education continue to be major best practices when it comes to defending against phishing attacks. Computers will help, but not yet replace, human decision making.” Desktop-as-a-service systems like WorkSpaces can turn clunky computers into lean, mean, totally updated machines. They might even be digital Sir Lancelots, protecting companies’ IT castles well, but one knight won’t be enough—firms will still need a full roundtable.
A GandCrab ransomware attack, combined with a Comcast outage, caused a Florida Keys school district’s computer system to be down for a week. The computer systems in a Florida Keys school district were down for a week due to a ransomware attack. The problems were made worse when, just as the district was bringing up some administration and school computers, Comcast suffered a day-long outage due to a cut fiber. Monroe County School District was the victim of a GandCrab ransomware attack. GandCrab, first spotted in January, was dubbed the leading ransomware threat in July. A school district employee working on payroll discovered undisclosed problems on Sunday, Sept 9, and submitted an IT ticket. IT contacted Symantec and was advised to bring it all down and secure the system. Pat Lefere, executive director of operations and planning for the district, told the Miami Herald, “This particular one was a variant that Symantec hadn’t seen before. They took all of our files and created a patch for us. It was applied to all servers before bringing them back up.” Symantec lists the latest detected GandCrab ransomware as discovered on Wednesday, Sept 12, but it may not be the variant that hit the Florida school district, as the IT department thought it had fixed the problem on Tuesday morning. Yet upon bringing the system back up, they saw the same issues as when the ransomware was discovered on Sunday and shut the system down again. “We haven’t had any access to data that was inappropriate nor have we had lost data,” district superintendent Mark Porter later told the Miami Herald. “The bad news is we haven’t had the type of access our employees are used to.” The cyber attack did not affect payroll, but it did affect delivery of students’ mid-quarter progress reports.
Monroe County School District claimed there were no ransom demands, but since ransomware locks up a system and demands payment to retrieve a decryption key for encrypted files, perhaps the district meant it didn’t cave to extortion? Lefere said, “That only happens for folks that don’t back up their stuff and are so desperate. We recover our files from the last backup.” The district’s website was back up by Wednesday, but the computer systems remained partially down on Thursday. Lefere said the district rebuilt “each server from scratch to make sure they’re clean.”
The recent WannaCry ransomware attack, which spread to more than 100 countries, is only the beginning in a series of similar attacks, according to Cătălin Coșoi, head of Bitdefender’s investigation team coordinating the company’s relations with institutions such as NATO, Europol, Interpol, or national response centers to cyber-security incidents, Agerpres reported. Romanian group Bitdefender is a global technology security company which provides cyber security solutions to more than 500 million users across businesses and homes in more than 150 countries. “The WannaCry 1.0 and 2.0 versions, a type of fast-spreading ransomware that blocks the data of the users and then asks for a ransom, are only the beginning in a series of similar, ample attacks, making WannaCry one of the most significant IT threats of the next 12 months. The amplitude of the WannaCry phenomenon can be reduced rapidly if Microsoft decides to push an update to all users who do not use the most recent version of the Windows operating system. This measure has been taken before, and the reach of the WannaCry threat could justify this again, in a controlled and coordinated method, with the support of authorities and of cyber-security companies. Although the measure of updating without the user’s permission would force the limits of current legislation, the Bitdefender expertise in cyber-security has proven that, many times, current regulations do not keep up with the evolution of the criminal phenomenon. This is why cooperation between authorities and the IT security industry is more needed than ever,” Coșoi explained. The computers in public institutions, hospitals, and other social sector organizations are not usually updated with the most recent operating system, the Bitdefender representative said.
“If the respective terminals are not infected by ransomware now, they will remain vulnerable to other threats, including cyber-attacks sponsored by other states. In the event of such a scenario, ransomware would be a fortunate case, because it produces palpable consequences. On the other hand, the advanced threats used for espionage purposes could exploit the vulnerability of the operating system and systematically steal information for a long time, without being detected,” Coșoi explained. A global WannaCry ransomware attack took place last weekend, affecting some 100 countries. The attack, which has been called “unprecedented” by Europol, has affected hospitals in Britain and Spanish telecom operator Telefonica, as well as courier service FedEx in the US. Car-maker Dacia had to halt its local production activities because of the attack. WannaCry is a ransomware attack which exploits a vulnerability of the Microsoft Windows operating system. Once installed on the infected computer, the virus encrypts the users’ files and demands payment in bitcoin to allow the victims to access their data.