The author of the GandCrab ransomware is a little bit bitter at South Korean security vendor AhnLab after the security firm released a vaccine for the GandCrab ransomware.
This bitterness boiled over earlier this week when the GandCrab author contacted Bleeping Computer with the news that the upcoming version of the GandCrab ransomware would contain an alleged zero-day for the AhnLab v3 Lite antivirus.
Retaliation for GandCrab vaccine app
The GandCrab author, who used the pseudonym “Crabs” in conversations with this reporter, claimed this was payback for AhnLab releasing a vaccine app for the GandCrab ransomware v4.1.2 on July 19.
That vaccine app created a file on users’ computers that, in the case of an actual GandCrab ransomware infection, would trick the ransomware into thinking it had already infected the victim.
“Their killswitch has become useless in only a few hours,” Crabs told Bleeping Computer in a Jabber IM conversation and via email, referring to the fact that he created and released a new ransomware version within hours of AhnLab releasing the vaccine (killswitch) app.
“My exploit will be a reputation hole for ahnlab for years,” Crabs stated, while also sharing a link to a file storage service that hosted the alleged exploit.
After receiving the alleged exploit, Bleeping Computer shared it with the AhnLab team.
New GandCrab versions 4.2.1 and 4.3 include AhnLab exploit
We initially did not plan on releasing this article until AhnLab had patched their software, but things changed yesterday when Malwarebytes security researcher Marcelo Rivero, and then others, spotted GandCrab v4.2.1…