What’s worse than ransomware on your network? That would be ransomware that pilfers the information it wants first and then encrypts your data. Some researchers have discovered malware that uses advertisements to bait you into clicking. It then peruses your data, steals what it finds interesting, and encrypts it. The criminals behind the GandCrab ransomware have now released a new and improved version with the addition of an infostealer called Vidar. So not only are they trying to extort money, but they are stealing info too and likely putting it up for sale on the Dark Web. It’s a lose-lose situation.
First, always be wary of clicking on those advertisements you see all over webpages these days. Often, they redirect the clicker to malicious sites or try to get sensitive information. Hover the mouse pointer over them first to see where they are going. If it isn’t clear to you or if there is a hint of doubt, don’t click. If you just can’t resist, go directly to the company’s website by typing its address in the address bar. Be aware that if it’s truly a malicious website, rather than malware lurking in the ad itself, even manually typing in an address may still result in bad news.
Next, to avoid seeing those advertisements in the first place, consider using ad-blocking software. There are many reputable options to choose from (many are free or donation-based), and they can prevent accidental clicks or just save you from having to look at the ads, if that is bothersome to you.
For those who allow advertising on their sites, review what your advertisers are putting up there. Yes, it’s quite a challenge, but it’s worth it to keep your customers coming back to your business.
Skipping file backups should also no longer be considered an option these days. Ransomware is on the rise and most security companies predict it’s going to continue the upward trend throughout 2019. Be sure to put some type of backup program in place. If ransomware does strike, you can restore from your backups and save yourself time and frustration and your organization potentially a lot of moola.
For this particular piece of malware, it takes a mere minute for Vidar to grab what it wants, download GandCrab, and encrypt the data. Yep. Just 60 seconds. It takes all kinds of information too: documents, cookies, browser histories (including from Tor, which supposedly keeps your browsing anonymous), currency from cryptocurrency wallets, and other things too. After that, some wallpaper is displayed letting the victim know, well, that they’ve become a victim.
It’s most certainly a whammy! And not the one that makes you a winner on that ’80s TV game show, Press Your Luck.