It is amazing how often certain threats find new life, new twists, or in this case, a new host.
GandCrab ransomware is now finding its way onto legitimate websites of companies who have web traffic but potentially little expertise in cybersecurity.
As Threatpost reports, this makes it easy for bad actors to work without detection through unpatched sites and web frameworks:
“Adversaries, on the other hand, are able to quickly leverage these vulnerabilities and begin widely scanning the internet looking for potential victims. Leveraging these compromised sites in these types of spam campaigns is increasingly effective because adversaries don’t need to maintain persistence, or do much of anything other than copying a file to a specific location that they can point to systems, allowing for infection.”