Hello, welcome to the Wednesday, February 20th, 2019 edition of the Sands of its Stormsendors

Stormcast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Typically, most of the malware we're dealing with arrives in English language emails.

Now, Pratt is taking a look at something a little bit different. arrives in English language emails.

Now, Pratt is taking a look at something a little bit different in his latest diary,

and that's Malspam written in Russian.

Now, in this particular case, the Malspam links to Troll Dash or Shade, which is Ransomware.

In the past, these Russian emails typically just included a SIP file that would then, of

course, install the Ransomware for you.

Turns out the attackers are now taking an extra step.

They're attaching a PDF.

Now a link in the PDF will then get you to the zip file, similar zip file as before, that

will then take care of installing the ransomware.

And talking about ransomware, while we don't really hear as much about ransomware as we

heard like a year ago, it's still quite active of course and one

variant that has been very active this year so far is Gant Crab. We have had a couple

cases where people contacted us that are infected with Gant Crap. Well, there is some good news here.

Bit Defender released yet another free decryption tool for victims of GantCrap.

It works all the way up to version 5.1. However, as it's typical, the case with these kind of

decryption tools, the bad guys already came out with version 5.2. Has been cited about three days ago. Now,

some of the initial reports, it wasn't quite clear whether it was actually the new version

that they reported. Something else about Gant Crap. Now, a lot of Ransver, of course,

...