Ransomware Tricks Lonely Singles, Demands Dash and Bitcoin

 A new ransomware strain called GandCrab has recently started  infecting people by pretending to be a love letter sent via email. After  infecting victims, it instructs them to pay with either bitcoin or  dash.According to a report  published by the Mimecast Threat Labs Team, the GandCrab ransomware  strain encrypts victims’ files after sending them messages that try to  trick them into believing they’ll be reading a love letter, or some  other love declaration.

Victims are approached by an email with a  subject in along the lines of “Wrote my thoughts down about you,” or  “Felt in love with you.” Inside the email there’s merely an asterisk and  an attached file titled “Love_You_2018_” followed by random numbers.Those  who end up opening the attachment are then asked whether they’d like to  see in English, Korean, or Chinese – which indicates these are the  ransomware’s targets. If they go on, their files are encrypted and a  cryptocurrency ransom is demanded. 

 After being asked for a ransom in either BTC or Dash, the victims are  then told that if they don’t pay within seven days, the ransom is going  to double. The attack appears to be somewhat advanced, as it even  features a live chat window to help those who don’t know how to use  cryptocurrencies.Notably, the ransomware appears to deliberately  avoid targeting Russian users, and it stops the attack if it detects the  victim has a Russian-configured keyboard. 

Per Mimecast, this “signals  these campaigns are specifically designed to not target Russian users.”GandCrab  is notably classified as Ransomware-as—a-Service (RaaS), meaning  hackers and bad actors purchase the service from vendors – presumably on  the dark net – to then target victims with it.The ransomware is  notably taking advantage of the holidays to try and trick users through  false promotions, gifts, and campaigns. Mimecast also found fake  customer surveys, malicious data apps, and non-malicious compromised  dating apps spreading GandCrab.As CryptoGlobe covered, researchers have recently warned that “Anatova,” a ransomware strain demanding Dash from its victims, could “become very dangerous.”  

Ransomware strains demand Dash instead of BTC or XMR have been growing  in popularity. GandCrab was, however, the first one to do so.