GandCrab Operators use Vidar Infostealer to steal personal details

The cyber criminals behind GandCrab have revived the ransomware with a new version (GandCrab 5.04) by adding the Vidar Infostealer (a high-risk Trojan) to the process used to distribute the ransomware. Vidar helps the criminals increase their profits by stealing sensitive data before the computer's files are encrypted.

Deep analysis

Cybersecurity researchers found that the Fallout Exploit Kit was used to spread the infostealer called Vidar. According to them, the bad actors use a rogue advertising domain, and visitors to this domain are redirected to the exploit kit (EK).

Fallout pushed Vidar, which works as a malware dropper, and in this case the malware it dropped was GandCrab ransomware, said Jérôme Segura of Malwarebytes.

Vidar is a commercial threat available for $700. It steals passwords and form data from web browsers, and it collects specific information such as payment card numbers or credentials stored in various applications. It can also deliver other malware, and in this case it delivers the latest version of GandCrab, GandCrab 5.04.

What’s new in the latest GandCrab ransomware

GandCrab 5.04 encrypts stored data and demands a ransom fee to supposedly restore the files. It can encrypt almost all data, including audio, videos, images, presentations, documents, etc. Unlike GandCrab’s other versions, such as V1, V2, V3, and V5 to V5.02, no free GandCrab decryption tool is available for GandCrab 5.04.

So at present, if your system has been infected by the latest GandCrab version, you have no other choice than to contact the cyber criminals for the decryption tool to regain access to your files. It is also possible that your files will not be retrieved even if you meet their demands.