A new spam campaign designed to infect victims with GandCrab ransomware has surged over the past few days, as the criminals behind the scheme look to infect as many victims as possible.
GandCrab first emerged in January and those behind it have regularly updated the ransomware and altered their attack techniques in order to maximise profit from the file-encrypting malware.
Analysis by researchers at security company Fortinet found that three new samples of GandCrab 2.1 are being distributed as the payload in a single mass spam campaign.
“This means that newly created samples are being pushed simultaneously, possibly with different configurations, or simply in an attempt to evade specific file signatures,” said researchers.
Phishing emails feature common subjects about about payments, tickets, invoices and orders and contain a Javascript attachment which when executed, downloads GandCrab from a malicious URL.
Tens of thousands of GandCrab spam emails are being distributed each day, with mail servers hosted in the US by far the most common target, accounting for three quarters of deliveries. When it comes to successful infections, the US currently accounts for the fourth largest percentage of victims, behind Peru, Chile and India.