“GandCrab” likes to hide in fake application letters!
The Federal Office for Information Security warns that a current wave of ransomware is frequently leading to successful infections of workstations and networks, in which folders and files are encrypted on a large scale and ransoms are extorted.
The Federal Office for Information Security (BSI) has noticed a massive increase in these incidents at authorities, companies and institutions in recent days.
The “GandCrab” ransomware usually hides in fake application letters that contain an encrypted archive file (such as .rar) and an .exe .pdf file. The recipients are given the password needed to open the archive file in the text of the email or in an attached .txt file.
As a result of this approach, the detection rate of commercial protection products is currently particularly low, because the protection programs cannot unpack the encrypted archives. particularly protected by additional individual measures from the BSI. The procedure described here can also be applied in the same way to other malware variants.
BSI explains:
“Ransomware is and remains a serious threat. The cyber criminals' actions in the current case also show that technical countermeasures must be implemented consistently and thoughtfully. Awareness-raising measures for employees should also be part of the standard training program in companies, especially where emails from unknown senders with unknown file attachments also have to be opened, as is the case in human resources departments. Many companies are suffering from the shortage of skilled workers and are happy about every application they receive. However, this should not lead to complacency in cybersecurity.”
IT security managers should take the following measures to protect against the attack variant described above:
- Raise awareness among users
- Check whether the security product used is able to identify passwords from the email text and/or attachments and use them for encrypted archives
- Check whether encrypted archives are legitimate and common in the organization or company and make appropriate recommendations to your employees or take appropriate technical measures to block encrypted archives in emails
- Prevent the installation of malicious content by taking appropriate security measures:
  - Administrator rights should only be granted to a limited extent
  - Use suitable software products that use blacklisting to prevent executable programs from being started from document and temporary folders
- The NomoreRansom for some earlier versions of the currently used GandCrab malware (www.nomoreransom.org).
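
The checks behind the second and third measures above, sketched as an added example (not BSI or vendor code): a mail-gateway triage function that flags ZIP attachments whose encryption flag is set, recognises RAR attachments by signature only without inspecting them, and notes when the mail text or a .txt attachment carries a password hint. The function names, hint keywords and sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR4 and RAR5 signatures
# Assumed keyword list; extend it for the languages your organisation receives.
PASSWORD_HINT = re.compile(r"\b(password|passwort|kennwort)\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP at all

def triage(raw: bytes) -> list[str]:
    """Return the reasons to hold a message for review (empty list = pass)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons, hint_seen = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        if part.get_content_maintype() == "text" or name.lower().endswith(".txt"):
            hint_seen |= bool(PASSWORD_HINT.search(payload.decode("utf-8", "replace")))
        if zip_is_encrypted(payload):
            reasons.append(f"encrypted ZIP attachment: {name}")
        elif payload.startswith(RAR_MAGIC):
            reasons.append(f"RAR attachment (not inspected): {name}")
    if reasons and hint_seen:  # archive plus its password in the same mail
        reasons.append("password supplied in mail text or .txt attachment")
    return reasons

def constructed_sample(encrypted: bool = True) -> bytes:
    """Constructed test mail; the ZIP is only *flagged* encrypted, by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cv.pdf", b"placeholder")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= 1                         # flag byte in the local file header
        z[z.find(b"PK\x01\x02") + 8] |= 1  # flag byte in the central directory
    m = EmailMessage()
    m.set_content("Please find my documents attached. Password: 1234")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="application.zip")
    return m.as_bytes()
```

Messages for which `triage` returns reasons can be quarantined or routed to manual review, depending on whether encrypted archives are legitimate and common in the organization.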
Small and large companies receive assistance and recommendations for increasing IT security and warding off such cyber Alliance for Cyber Security or UP KRITIS.

