Since the release of GandCrab v5.2 in February 2019, it has been used in a couple of attacks.
Attackers leveraged a fake Center for Disease Control (CDC) warning to distribute the GandCrab 5.2 ransomware onto victims’ systems.
GandCrab v5.2 has been used to target Chinese government officials via a phishing campaign that included a malicious archive named ‘03-11-19.rar’.
Last month, a medical billing service provider, ‘Doctors’ Management Service’, suffered a GandCrab ransomware attack that compromised patients’ data from almost 38 clients.
In the latest attack, attackers exploited a vulnerability in Confluence Server and Data Center to distribute GandCrab ransomware as well as a variant of the AESDDoS botnet.
This shows the extent to which threat actors can go to perpetrate large-scale attacks by continuously improving GandCrab ransomware.