Vidar and GandCrab: stealer and ransomware combo observed in the wild – Malwarebytes Labs
Threat actors combine new stealer Vidar and GandCrab ransomware in one-two punch.
According to Mike Bittner, Digital Security and Operations Manager for The Media Trust, “What makes this new mix novel and potent is its multi-pronged effort to establish an infection path—its use of the digital ad supply chain to spread its reach, two exploit kits to infect machines with a new data theft trojan, followed by ransomware that locks users out of their machines. In order to avoid inadvertently helping hackers behind this malvertising campaign commit theft and fraud through, operators and owners of ad-supported websites should make sure their ads and websites are free of malicious third-party code, a tall order. An ad-supported site can have hundreds, if not thousands, of third-party code executed by often unknown, constantly changing third-party code providers. But just as you would monitor who enters your home, you should scan ads and sites in order to identify and, if needed, terminate any unauthorized code at their source.”