PINCHY SPIDER Affiliates Adopt "Big Game Hunting" Tactics to Distribute GandCrab Ransomware (Mar 6, 2019)
"PINCHY SPIDER," the developers behind the popular ransomware "GandCrab," have been observed deploying GandCrab inside enterprise networks using lateral movement techniques and toolsets more commonly associated with nation-state threat groups, an approach to ransomware deployment known as "big game hunting." According to CrowdStrike, PINCHY SPIDER sells GandCrab to affiliates on criminal forums and has continually updated the ransomware's capabilities in response to the decryptor tools and mitigations developed by the security community. The group was also found to be recruiting affiliates with Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) skills and experience with corporate networks.
Recommendation: Endpoint protection solutions, including host-based intrusion detection (HIDS), can block known ransomware, but new variants are constantly evolving to bypass them, so always keep important files backed up, ideally offline. Because this group's operators rely on RDP and VNC to move through corporate networks, limit internet exposure of those services and monitor for unusual remote logons between internal hosts. In the case of a ransomware infection, the affected system must be wiped and reformatted, and other devices on the network should be checked for similar infections. Always check for a publicly available decryptor before considering payment, and avoid paying wherever possible. Ransomware should be reported to law enforcement agencies, who are working to track these actors and make ransom payments unprofitable for cyber criminals.
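The story above describes operators spreading through a corporate network over RDP before deploying the ransomware. The following is an added example, not code from Anomali, CrowdStrike or the GandCrab reporting, of the kind of check a defender can run over Windows logon telemetry to spot that movement: a single account and source address opening interactive RDP sessions (Event ID 4624, logon type 10) to an unusual number of distinct hosts in a short window. The event records, field names, threshold and window are all assumptions chosen for the example, and the sample events are constructed.

```python
"""Flag RDP lateral-movement fan-out in Windows Security logon events.

Added example for the GandCrab "big game hunting" story; not code from the
original page or any vendor. Assumptions (hypothetical): each event is a
dict with the Event ID 4624 fields we need; logon_type 10 is
RemoteInteractive (RDP); one (account, src_ip) pair reaching more than
FANOUT_THRESHOLD distinct targets inside WINDOW_MINUTES is worth triage.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_THRESHOLD = 3   # distinct RDP targets before alerting (tunable)
WINDOW_MINUTES = 30    # sliding window over a source's logon events

# Constructed sample events, not real log data. A helpdesk user (jsmith)
# RDPs to three hosts over a working day; a service account from one
# source reaches four hosts in eleven minutes late at night. The type 3
# network logon and the 4625 failure are present to show they are ignored.
SAMPLE_EVENTS = [
    {"time": "2019-03-05T09:15:00", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\jsmith", "src_ip": "10.0.8.40", "target": "WS-JSMITH"},
    {"time": "2019-03-05T14:40:00", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\jsmith", "src_ip": "10.0.8.40", "target": "FS01"},
    {"time": "2019-03-05T17:05:00", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\jsmith", "src_ip": "10.0.8.40", "target": "APP01"},
    {"time": "2019-03-05T22:01:10", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "FS01"},
    {"time": "2019-03-05T22:04:32", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "DC01"},
    {"time": "2019-03-05T22:05:50", "event_id": 4625, "logon_type": 10,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "SQL01"},
    {"time": "2019-03-05T22:06:05", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "SQL01"},
    {"time": "2019-03-05T22:09:47", "event_id": 4624, "logon_type": 3,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "SQL02"},
    {"time": "2019-03-05T22:12:20", "event_id": 4624, "logon_type": 10,
     "account": "CORP\\svc_backup", "src_ip": "10.0.5.23", "target": "APP01"},
]


def parse_time(stamp):
    """ISO-8601 timestamp string to datetime."""
    return datetime.fromisoformat(stamp)


def rdp_fanout(events, threshold=FANOUT_THRESHOLD, window_minutes=WINDOW_MINUTES):
    """Return {(account, src_ip): sorted target list} for every source that
    completed RDP logons to at least `threshold` distinct hosts within any
    `window_minutes` sliding window. Only successful (4624) RemoteInteractive
    (logon_type 10) events count; failures and network logons are skipped."""
    rdp = sorted(
        (e for e in events if e["event_id"] == 4624 and e["logon_type"] == 10),
        key=lambda e: parse_time(e["time"]),
    )
    by_source = defaultdict(list)
    for e in rdp:
        by_source[(e["account"], e["src_ip"])].append(e)

    window = timedelta(minutes=window_minutes)
    alerts = {}
    for key, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside the window.
            while parse_time(evs[end]["time"]) - parse_time(evs[start]["time"]) > window:
                start += 1
            targets = {e["target"] for e in evs[start:end + 1]}
            if len(targets) >= threshold:
                # Accumulate every host seen in any alerting window.
                alerts[key] = sorted(targets | set(alerts.get(key, [])))
    return alerts


def format_alerts(alerts):
    """Render alerts as one line per offending source, for a ticket or SIEM note."""
    return [f"{account} from {src_ip} opened RDP to {len(targets)} hosts: {', '.join(targets)}"
            for (account, src_ip), targets in alerts.items()]


if __name__ == "__main__":
    for line in format_alerts(rdp_fanout(SAMPLE_EVENTS)):
        print(line)
```

The window matters as much as the threshold: the same three hosts reached over a full shift are normal for an administrator, while four hosts in eleven minutes from a service account that should never log on interactively is the pattern to pull the plug on. Tune both values against your own baseline before alerting on real telemetry.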
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.