Programs that encrypt the data and only release it again in exchange for a “ransom”, so-called “ransomware”, are unfortunately still a problem.
A current variant specifically targets network computers with Windows XP.
A little over a year ago, the “ WannaCry ” ransomware made the rounds. Now the software “GandCrab 4.1” is trying to force users to make payments. But this one has it all!
Windows XP is the target
Most users will now smile wearily: Who still uses Windows XP today?
The answer is: lots of company computers!
In fact, many small and medium-sized companies still use Windows XP and Windows Server 2002, often because they use special software that does not run correctly or not at all in the compatibility mode of the successor systems. In addition, such companies feel safe because they have a small intranet, so the computers are networked with each other, but not every computer has Internet access.
And that's exactly where it gets dangerous!
“GandCrab” was first at the end of January 2018 in versions 1.0 and 1.1. However, the developers of the ransomware are very active: just a week later there was a version 2.0 with more malicious functions.
Now a completely rewritten version 4.1 has appeared, which brings with it an innovation: It can also affect XP computers that do not have a direct Internet connection, but are only in the same network.
This is possible because the ransomware uses a technology based on leaked NSA software called “ Network Fucker ”. This means that the ransomware no longer needs a direct server on the Internet to send commands and receive data from the infected computer.
There are a lot of XP computers in my company, what can I do?
“It doesn't need any updates, it doesn't have the Internet anyway!” is what you often hear lightly in companies that use XP computers. These carefree times are now over, so let the responsible employee or administrator know quickly, because the damage that can be caused by “GandCrab” should not be underestimated: encrypted company data can drive a company to ruin. As ZDNet reported , only 26.4% of affected computers that were willing to pay the $400 ransom were decrypted.
The solution before damage occurs is quite simple: Windows XP and Windows Server 2002 need at least the updates from March 2017 , which contain the so-called “Eternal Blue” patch. In addition, virus scanners be kept up to date, as “GandCrab” spreads mainly through phishing emails: For example, an attached ZIP file is actually a Javascript that immediately downloads and installs ransomware and other malware onto the computer.
And especially important for companies: regular backups and store them on external storage media.
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

