A fourth version of the GandCrab ransomware was discovered in July 2018, but researchers are just starting to understand the extent of the changes. How does this version of GandCrab ransomware differ from previous versions and who is at risk?
For many complex reasons, legacy systems may be present in an environment, and the options to secure them can be very limited. This makes them a particularly high-risk vector for attacks and, consequently, incident response costs could be significant. In addition, there is an emerging trend of ransomware targeting those legacy systems.
An update to the GandCrab ransomware was identified in July 2018. Among the changes is the use of the EternalBlue exploit against vulnerable Windows systems over the Server Message Block (SMB) protocol, which turns the ransomware into a network worm. This update enabled hackers to target Windows XP and Windows Server 2003 systems.
In addition, the new GandCrab attack includes functionality so that it doesn't need a command-and-control mechanism to operate, making it easier to attack an air-gapped environment. According to Fortinet, the update also changed the attack's encryption functionality to potentially make it faster.
With this updated malware, legacy systems are at the highest risk, since many antimalware tools reasonably stopped supporting Windows Server 2003 and Windows XP. These same systems may not have been patched, leaving them vulnerable to the EternalBlue exploit. In addition, such systems may run under an administrative account by default, creating additional risk.
Enterprises practicing good security hygiene will have the security controls in place to stop the GandCrab ransomware, but they may still have vulnerable legacy systems on their networks. These legacy systems may require network access, and without compensating controls that isolate them, nothing prevents them from being infected with the GandCrab ransomware.
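The risk factors the answer lists (a legacy OS without antimalware support, a missing MS17-010 patch, SMB reachable over the network, a default administrative account, and a dependency on network access) can be turned into a simple inventory triage. The following is an added example, not code from the original answer or from any vendor; the asset records, the score weights and the helper names (`Asset`, `assess`, `triage`) are constructed assumptions for illustration, and the recommended controls are the defensive measures a practitioner would apply to a legacy host that cannot be retired.

```python
from dataclasses import dataclass

# Operating systems the answer above names as no longer supported by many
# antimalware tools and exposed to EternalBlue when unpatched.
LEGACY_OS = {"Windows XP", "Windows Server 2003"}


@dataclass
class Asset:
    hostname: str
    os: str
    ms17_010_patched: bool   # MS17-010 is Microsoft's fix for the SMBv1 flaw EternalBlue exploits
    smb_reachable: bool      # TCP 445 reachable from other network segments
    default_admin: bool      # runs under a default/shared administrative account
    needs_network: bool      # legacy application that cannot simply be unplugged


@dataclass
class Finding:
    hostname: str
    score: int
    reasons: list
    controls: list


def assess(asset: Asset) -> Finding:
    """Score one host against the risk factors and list compensating controls.
    The weights are assumptions chosen for illustration, not a published scale."""
    reasons, controls, score = [], [], 0
    legacy = asset.os in LEGACY_OS
    if legacy:
        score += 2
        reasons.append(f"legacy OS ({asset.os}) likely without current antimalware support")
    if not asset.ms17_010_patched:
        score += 3 if legacy else 2
        reasons.append("MS17-010 not applied: exposed to EternalBlue over SMB")
        controls.append("apply MS17-010 or retire the host")
    if asset.smb_reachable:
        # An unpatched host that also exposes SMB is the worm's ideal target.
        score += 3 if not asset.ms17_010_patched else 1
        reasons.append("SMB (TCP 445) reachable from other segments: worm can spread to it")
        controls.append("block TCP 445 inbound at the segment boundary; disable SMBv1 where possible")
    if asset.default_admin:
        score += 1
        reasons.append("default administrative account in use")
        controls.append("replace default admin credentials; run services as least-privilege accounts")
    if asset.needs_network and (legacy or not asset.ms17_010_patched):
        controls.append("isolate in a dedicated VLAN with allow-list firewall rules for required flows only")
    return Finding(asset.hostname, score, reasons, controls)


def triage(inventory):
    """Return findings for the whole inventory, highest risk first."""
    return sorted((assess(a) for a in inventory), key=lambda f: f.score, reverse=True)


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    Asset("lab-xp-01", "Windows XP", ms17_010_patched=False, smb_reachable=True,
          default_admin=True, needs_network=True),
    Asset("file-2003", "Windows Server 2003", ms17_010_patched=True, smb_reachable=True,
          default_admin=False, needs_network=True),
    Asset("ws-w10-07", "Windows 10", ms17_010_patched=True, smb_reachable=False,
          default_admin=False, needs_network=True),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding.hostname}: score {finding.score}")
        for reason in finding.reasons:
            print("  risk:", reason)
        for control in finding.controls:
            print("  control:", control)
```

Running it ranks the unpatched, network-exposed XP host first and leaves the patched, segmented Windows 10 workstation with no findings; the point of the exercise is that a patched legacy host on an open segment still gets an isolation control, matching the answer's advice that legacy systems needing network access require compensating controls.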