Once again, GandCrab makes another appearance and this time its mask is a CDC email that passes off the ransomware to unsuspecting victims. The subject line being used is “Flu Pandemic Warning,” which may be hard for some users to avoid checking out. However, if the sender line is observed, users will notice the email account, Peter@eatpraynope[.]com, is not related to the CDC. Within the email is a document that is portrayed as a guide to avoid contracting the flu, but as usual, it is the ransomware that begins infecting when the doc is opened. After being installed and the files are encrypted, a ransom note is left for the victim. “The C2 for this is a well-known site ‘https [:]//www.kakaocorp.link/static/tmp/eshe[.]png’ where the ransomware posts encrypted/encoded details about the compromised computer,” the initial report stated.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is