A new spam wave with the encryption Trojan Gandcrab is aimed primarily at catering establishments. The letters allege that someone had contracted a food poisoning after visiting the restaurant of the recipient of the e-mail, the State Criminal Police Office of Lower Saxony warns.
The message includes a photo of a woman with a red and swollen face. In the text, a lawyer is threatened and reported by a doctor whose diagnosis is allegedly found in the appendix. The aim of the criminal sender is that the recipient opens the attachment immediately and without thinking - be it in shock or out of curiosity.
If you drop in on the trick, the Gandcrab 5.2 Trojan hits the computer and encrypts all the data that the computer has access to, including other computers on the network and network hard drives as well. If the criminals have achieved this goal, they usually offer their victims a decryption code for a ransom.
Ransom is often required in Bitcoin
The general recommendation, however, is not to pay the blackmailers in such cases the required ransom sum, which is usually required in Bitcoin. Because a guarantee that the criminals actually send the promised decryption code after transferring the money does not exist. The blackmailers are finally criminal.
Decrypting data encrypted with the previous versions of Gandcrab 5.2 is relatively easy with software. The necessary decryption software can be found, for example, on the page "No more Ransom!", Which is also supported by the European Cybercrime Center.
For the version of this Trojan used in the current attack wave, however, no tool is yet known with which victims can regain access to their data.
As the most important security measure, the police therefore recommend caution, in addition to deactivate the so-called macro function in the settings of the Office application used. Because in the attached documents hidden macros are the gateway for the Trojan. Macros are automated command sequences. In principle, however, regular backups of all data on external data carriers are the best protection against encryption Trojans, which are also referred to as ransomware.