GandCrab creators tweak ransomware, release v. 2.0
GandCrab creators tweak ransomware, release v. 2.0

The developers behind GandCrab have followed up on their promise and released version 2.0 of the ransomware, one that cannot be defeated by the free GandCrab 1.0 decryptor created by Bitdefender.

The updated version was first reported by MalwareHunterTeam, according to Bleeping Computer, which said was something the threat actors had recently promised. 

Some of the improvements include being more secure with the most obvious differentiator being the command and control server names politiaromana.bit, politiaromana.bit and gdcb.bit. The original servers were taken offline last by the Romanian police working with Bitdefender, so those behind GandCrab gave a hat tip to the Romanian police with the first name.

Another change is the encrypted files and ransom note now have .CRAB extension and Bleeping Computer noted that the ransom note itself has been reworded to include instructions on how to contact the attackers.

The Tor payment page was also redesigned.