Discovered last month, the third variant of the ransomware forces a system reboot in an attempt to change the desktop background. However, due to encryption errors, only Windows 10 and Windows 8 systems finish loading, while Windows 7 computers hang at a point before the Windows Shell is fully loaded.
GandCrab spreads through spam emails. Last week, Fortinet detected a significant increase in ransomware distribution messages. Email attachments contain version 2.1 of the malware, with approximately 75% targeting users in the United States. Users in the United Kingdom, Canada, Romania, and South Africa are also affected.
Warning: GandCrab Ransomware Threatens Windows 7 Systems
In recent days, the GandCrab ransomware has undergone a new mutation, though most functionalities remain intact. The sole change lies in the desktop wallpaper alteration feature, exclusive to Windows 10 and Windows 8.1 systems.
Fortinet elaborates: 'Due to certain reasons on Windows 7, the system startup function fails to conclude, instead getting stuck at a point prior to the full loading of the Windows Shell. This implies an infected user will lack a Windows interface for interaction, rendering the computer non-functional.'
Security experts caution that on Windows 7 systems the GandCrab ransom warning may behave like older screen-locking ransomware variants. Users will only encounter a ransom demand on their screen and be directed to a TOR browser download site.
However, the ransom demand instructs victims to read one of the 'CRAB-DECRYPT.txt' ransom notes, which the malware has dropped in various directories and which explain how to restore the encrypted files. Since there is no Windows interface, average users cannot perform this task.
Users are advised to open Task Manager with the CTRL + SHIFT + DEL key combination, kill the malware's process and restart the system. However, this is only a temporary solution and may not resolve the issue, as the malware has its own mechanism to ensure it executes upon reboot.
To prevent the lock screen from appearing on the next boot, users should delete the executable file of the malware from %APPDATA%\Microsoft\
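For the Windows 7 case above, where the machine has no usable interface, the same check can be run against the disk mounted on another system. This is an added example, not code from Fortinet or the original article: it scans an offline-mounted `Users` folder for `CRAB-DECRYPT.txt` notes and for executables sitting directly in each profile's `AppData\Roaming\Microsoft` folder, which is what `%APPDATA%\Microsoft\` resolves to. The function names, the suffix list and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "crab-decrypt.txt"           # ransom note name given in the article
EXE_SUFFIXES = {".exe", ".scr", ".com"}  # assumption: executable types worth reviewing


def triage(users_root):
    """Scan an offline-mounted Users directory.

    Returns (note_dirs, suspect_exes): directories holding a ransom note, and
    executables sitting directly in <profile>/AppData/Roaming/Microsoft.
    """
    users_root = Path(users_root)
    note_dirs, suspect_exes = [], []
    for dirpath, _dirs, files in os.walk(users_root):
        if any(f.lower() == NOTE_NAME for f in files):
            note_dirs.append(Path(dirpath))
    for profile in sorted(p for p in users_root.iterdir() if p.is_dir()):
        ms_dir = profile / "AppData" / "Roaming" / "Microsoft"
        if not ms_dir.is_dir():
            continue
        for entry in sorted(ms_dir.iterdir()):
            # Top level only (heuristic): software normally installs into subfolders here.
            if entry.is_file() and entry.suffix.lower() in EXE_SUFFIXES:
                suspect_exes.append(entry)
    return sorted(note_dirs), suspect_exes


def build_sample_tree(root):
    """Constructed sample profile tree (empty placeholder files, no malware)."""
    root = Path(root)
    ms = root / "alice" / "AppData" / "Roaming" / "Microsoft"
    (ms / "Windows").mkdir(parents=True)
    (ms / "qwzxpl.exe").write_bytes(b"")              # constructed file name
    (ms / "Windows" / "helper.exe").write_bytes(b"")  # in a subfolder: not flagged
    docs = root / "alice" / "Documents"
    docs.mkdir()
    (docs / "CRAB-DECRYPT.txt").write_text("constructed note")
    (root / "bob").mkdir()                            # profile with no findings
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        notes, exes = triage(build_sample_tree(tmp))
        for d in notes:
            print("ransom note in:", d)
        for e in exes:
            print("review executable:", e)
```

A flagged executable is a candidate for review, not a confirmed detection; the directories holding notes show which locations the malware touched.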
Fortinet notes: 'If you see a ransom demand and notice your files missing, or even worse, you may lose access to your computer. Malware vulnerabilities causing unwanted consequences are increasingly common, which is why you should be cautious with emails not marked as important.'
In addition, users are advised to scan and verify email attachments before opening them. It's also recommended to create separate backups for important files to ensure they can be restored in case of malware infection.
Although the new features in GandCrab may not perform well on all targeted systems, this ransomware is actively being deployed, making the malware campaign even more dangerous.
