New Trojan detected threatening Windows users

06 February 2018
Doctor Web announced the discovery of another Trojan that encrypts user data and demands a ransom for restoring access to it. The malware was named Trojan.Encoder.24384, while the developers dubbed it "GandCrab!". It is reported that the Trojan attacks only Windows PCs. The malware encrypts the contents of internal and external hard drives, as well as network drives, and gives files the *.GDCB extension. In doing so, each disk is encrypted in a separate thread. In addition, the Trojan leaves some service and system folders untouched. After encryption is complete, the malware sends information to a remote server about the number of encrypted files and the time spent. Interestingly, the malware is able to forcibly terminate program processes based on a list provided by the attackers and can collect information about running antivirus software. Of course, to regain access to encrypted files, users are offered to pay a ransom. Unfortunately, no methods of decrypting encrypted files have been found yet. In addition, there is no guarantee that the attackers will actually give the user back access to the data after paying the ransom. That is why, as always, the best way to fight a Trojan is to follow the banal rules of online security. Also, it is recommended to use a reliable anti-virus, for example, Dr.Web, Kaspersky Anti-Virus or ESET NOD32.