Threat Watch

GandCrab 5.2 Being Distributed Through Fake CDC Flu Warning Email

Once again, GandCrab makes another appearance, and this time its mask is a CDC email that passes the ransomware off to unsuspecting victims. The subject line being used is “Flu Pandemic Warning,” which may be hard for some users to resist checking out. However, if the sender line is checked, users will notice that the sending account, Peter@eatpraynope[.]com, is not related to the CDC. Attached to the email is a document presented as a guide to avoiding the flu, but, as usual, it is the ransomware that begins infecting the machine when the doc is opened. After installation, the files are encrypted and a ransom note is left for the victim. “The C2 for this is a well-known site ‘https [:]//www.kakaocorp.link/static/tmp/eshe[.]png’ where the ransomware posts encrypted/encoded details about the compromised computer,” the initial report stated.

ANALYST NOTES

Users should avoid emails from unknown senders. If users receive emails similar to the one described above, they should disregard them. If they do open them, the link or attachment should never be opened.
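For defenders who want to turn the indicators in this entry into a check rather than relying on users reading the sender line, the following is an added example (not code from the original report) that triages a raw email for the lure described above and scans proxy log lines for beacons to the reported C2 URL. The sample email and log lines are constructed for the example, and the allow-list of legitimate CDC sending domains (cdc.gov) is an assumption; the sender address, subject line and C2 host/path are taken from the entry, refanged for matching.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators from the Threat Watch entry, refanged for matching.
PHISH_SENDER = "peter@eatpraynope.com"
PHISH_SUBJECT = "flu pandemic warning"
C2_HOST = "www.kakaocorp.link"
C2_PATH = "/static/tmp/eshe.png"

# Assumed allow-list: anything claiming to be the CDC from another domain is suspect.
LEGIT_CDC_DOMAINS = {"cdc.gov"}

OFFICE_EXTS = (".doc", ".docx", ".docm", ".rtf")


def triage_email(raw):
    """Return the list of reasons a raw RFC 822 message looks like the lure (empty = no match)."""
    msg = message_from_string(raw)
    from_hdr = msg.get("From", "")
    _, addr = parseaddr(from_hdr)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    subject = (msg.get("Subject") or "").strip().lower()

    reasons = []
    if addr == PHISH_SENDER:
        reasons.append("sender matches known lure address")
    # Display name or address mentions CDC but the real domain is not a CDC domain.
    if re.search(r"\bcdc\b", from_hdr, re.I) and domain not in LEGIT_CDC_DOMAINS:
        reasons.append("claims CDC but sent from %s" % domain)
    if subject == PHISH_SUBJECT:
        reasons.append("subject matches known lure")

    # Only note the delivery vector when the message already matched the lure,
    # so ordinary Office attachments are not flagged on their own.
    if reasons:
        for part in msg.walk():
            fname = part.get_filename()
            if fname and fname.lower().endswith(OFFICE_EXTS):
                reasons.append("office attachment %s" % fname)
    return reasons


def find_c2_hits(log_text):
    """Return (timestamp, source, method) for proxy log lines whose URL is the reported C2."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line
        ts, src, method, url = parts[:4]
        u = urlparse(url)
        if u.hostname == C2_HOST and u.path == C2_PATH:
            hits.append((ts, src, method))
    return hits


# Constructed sample lure modelled on the description above.
SAMPLE_LURE = """\
From: "CDC Alerts" <Peter@eatpraynope.com>
To: user@example.org
Subject: Flu Pandemic Warning
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="xyz"

--xyz
Content-Type: text/plain

Please read the attached guide on avoiding the flu.
--xyz
Content-Type: application/msword; name="Flu_Guide.doc"
Content-Disposition: attachment; filename="Flu_Guide.doc"

(binary omitted)
--xyz--
"""

# Constructed benign message for comparison.
SAMPLE_CLEAN = """\
From: "IT Helpdesk" <helpdesk@example.org>
To: user@example.org
Subject: Password expiry reminder
Content-Type: text/plain

Your password expires in 7 days.
"""

# Constructed proxy log: timestamp, source IP, method, URL, status.
SAMPLE_PROXY_LOG = """\
2019-03-05T10:02:11Z 10.0.0.12 GET http://www.example.com/index.html 200
2019-03-05T10:04:37Z 10.0.0.12 POST https://www.kakaocorp.link/static/tmp/eshe.png 200
2019-03-05T10:05:02Z 10.0.0.15 GET https://www.kakaocorp.link/about 200
"""

if __name__ == "__main__":
    print(triage_email(SAMPLE_LURE))   # four reasons, including the .doc attachment
    print(triage_email(SAMPLE_CLEAN))  # []
    print(find_c2_hits(SAMPLE_PROXY_LOG))  # one POST from 10.0.0.12
```

The C2 match is on host and path rather than the full string so that scheme or query-string variations do not slip past it, and a hit on that path from an internal host is a strong sign the attachment was already opened on that machine.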