Collective Intelligence Podcast, Chris Elisan Inside GandCrab Ransomware
SAN FRANCISCO—Ransomware remains a viable means of profit for cybercriminals, despite dipping numbers of infections and a steady migration by the bad guys toward cryptojacking and cryptomining.
GandCrab remains one of the more virulent and money-making ransomware ventures in the wild, generating millions since its first appearance in January 2018. In this episode of the Collective Intelligence podcast, Flashpoint Director of Intelligence Christopher “Tophs” Elisan goes inside GandCrab, describing the evolution of the malware and the business structure supporting it.
Elisan, along with Lior Ben-Porat of Microsoft and Daniel Frank of F5 Networks, this week delivered a presentation at RSA Conference 2019 entitled: “Exploit Kits, Malware ROI, and the Shift in Attack Vectors.” Elisan focused on GandCrab, breaking new ground with insights into the partnership and services aspects supporting the ransomware operation.
The Russian-speaking attackers, for example, will recruit partners on the Deep & Dark Web who can help spread the malware via botnets or exploit kits. The return is a reasonable split of the profits in this model. They also offer support for others who use the malware, or assist victims in obtaining cryptocurrency in order to pay their ransom demands.
Elisan also covers a timeline of GandCrab variants and changes made to its encryption schemes. Finally, he offers advice to defenders, such as keeping secure offline backups of data available in case of infection, as well as maintaining solid security hygiene through patching and updating operating systems and software to current versions.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.