Ransomware Attackers Targeting Larger Companies For More Money

By Published On: April 29, 2022

If you haven’t heard of the GrandCrab ransomware strain, it’s something you should put on your company’s radar.  It first emerged as a viable threat in early 2018.

Since that time, its creators have been constantly tweaking and honing their approach, turning it into a devastatingly effective strain.

The latest version GrandCrab 5.2 was released in February 2019, and researchers at Crowdstrike have been digging into both the software and the operating tactics of the group responsible for it.  Their findings are disturbing, to say the least.

The creators of GrandCrab are essentially operating their software under an affiliate scheme, where the owners of the software deploy it on behalf of hacker clients, offering it as a service for hire in exchange for 30-40 percent of the profits.  The company is even advertising on black hat forums and across the Dark Web, using ads designed specifically to pique the interest of other hackers in the community.

In addition to that, GrandCrab’s creators are ramping up their own efforts. They are increasingly ignoring smaller targets in preference for large companies with sprawling global networks, seeking a greater infection percentage (and a correspondingly higher payday).

The plan works like this:  Once they get hold inside a corporate network, rather than triggering the infection immediately, they explore the space and try to use their beachhead to expand the number of machines their infectious software resides on.  Only when they’ve achieved deep network penetration that spans a large percentage of the company’s networked machines do they trigger the infection. This results in the mass encryption of files across much (if not all) of the target network, instantly bringing the company to its knees.

The researchers have taken to calling this approach ‘Big Game Hunting’ for obvious reasons., It is proving to be brutally effective because statistically, infected companies are more likely than not to pony up the ransom money being demanded.

All that to say the hackers are getting increasingly savvy and organized.  Don’t let your guard down.

Used with permission from Article Aggregator

Bill Hogan - Partners Plus, Managed IT Services and IT Support

Bill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology industry, specifically IT support services. Bill has spoken at seminars all over the country about network management. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.

Safe and Secure Information Technology will cover topics like ransomware prevention, solid-state drives, and chip shortage impacts.

Safe and Secure Information Technology

Subscribe to our Weekly Cybersecurity Tips

Contact Us Today

Partners Plus in Delaware
2 Penns Way,
Suite 307
New Castle, DE 19720

Phone: 302-529-3700

Partners Plus in Philidelphia
1515 Market St.,
Suite 1200
Philadelphia, PA 19102

Phone: 215-774-8980

Partners Plus in Malvern
101 Lindenwood Drive
Suite 225
Malvern, PA 19355

Phone: 610 361-9200