{"id":389,"date":"2018-05-10T20:23:25","date_gmt":"2018-05-10T20:23:25","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=131897"},"modified":"2018-05-10T20:23:25","modified_gmt":"2018-05-10T20:23:25","slug":"gandcrab-ransomware-found-hiding-on-legitimate-websites","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/","title":{"rendered":"GandCrab Ransomware Found Hiding on Legitimate Websites"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/10155710\/Ransomware_Blog-e1525982253387.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.<\/p>\n<p>What\u2019s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These, when analyzed, were found to be riddled with vulnerabilities stemming from outdated software, highlighting one of the biggest issues when it comes to the security of cyberspace.<\/p>\n<p>\u201cMost small businesses aren\u2019t aware that a new vulnerability has been released against a web framework and even if they did, most lack the expertise and time to be able to frequently update the software that the companies\u2019 websites rely upon,\u201d explained Cisco Talos researcher Nick Biasini, who, along with fellow researchers Nick Lister and Christopher Marczewski, examined the campaigns and published an <a href=\"https:\/\/blog.talosintelligence.com\/2018\/05\/gandcrab-compromised-sites.html\">analysis<\/a> on Wednesday.<\/p>\n<p>He added, \u201cAdversaries, on the other hand, are able to quickly leverage these vulnerabilities and begin widely scanning the internet looking for potential victims. Leveraging these compromised sites in these types of spam campaigns is increasingly effective because adversaries don\u2019t need to maintain persistence, or do much of anything other than copying a file to a specific location that they can point to systems, allowing for infection.\u201d<\/p>\n<p><strong>Legitimate Payload Hosts<\/strong><\/p>\n<p>In all, Talos observed four, nearly identical offensives over the course of just one week at the beginning of May. Using e-commerce order lures, the emails included rudimentary body text and either an attached ZIP file or VBScrip file, which, when opened, pulled GandCrab off a website.<\/p>\n<p>Digging deeper, the researchers found that the malware was actually being served from legitimate websites rather than malicious links, including one for a courier service in India, and a WordPress site for an herbal medicine purveyor.<\/p>\n<p>After examining the Indian website, it became apparent that a host of issues were present in the website\u2019s code, including the use of default credentials and multiple MySQL vulnerabilities. As for the WordPress site, it was running a version of the content management system that was more than a year out of date. Both also have publicly exposed admin pages for the web frameworks they\u2019re using.<\/p>\n<p>Sites that use antiquated software are easy pickings for adversaries, and Biasini noted that using them to serve up malware saves \u201ctime and money, doing things like registering domains, buying VPS, and configuring a web server to host the files.\u201d The other added advantage is that bad actors can benefit from the web reputation of the site they compromise, which could help bypass some blacklisting technologies, in theory.<\/p>\n<p>\u201cThis malware is the latest in a long line of examples of why stopping malware distribution is a problem, and shows why securing websites is both an arduous and necessary task. As a clear example of how challenging resolving these issues can be, one of the sites \u2014 despite being shut down briefly \u2014 was seen serving GandCrab not once, but twice, over a few days.\u201d<\/p>\n<p><strong>The Payload<\/strong><\/p>\n<p>GandCrab spreads via the RIG and GrandSoft exploit kits, as well as via email spam as seen in the latest campaigns. However, there\u2019s also a GandCrab Affiliate Program, according to recent <a href=\"https:\/\/research.checkpoint.com\/gandcrab-ransomware-mindset\/\">research<\/a> from Check Point, which pays participants about 60 percent to 70 percent of the ransom revenue in return for full technical support. The firm observed one of the largest affiliates distributing 700 different samples of the malware during the month of March alone.<\/p>\n<p>\u201c[GandCrab] is under almost constant development, with its creators releasing new versions at an aggressive pace,\u201d Talos\u2019 Biasini said. \u201cIt does the typical things ransomware does, including encrypting files with the .CRAB extension, changing the user\u2019s background and leveraging Tor for communication.\u201d<\/p>\n<p>For instance, the malware quickly morphed to get around a free decryption tool. A joint operation in February by Romanian police, Bitdefender and Europol hacked into the malware\u2019s infrastructure, gathering analysis that ultimately <a href=\"https:\/\/labs.bitdefender.com\/2018\/02\/gandcrab-ransomware-decryption-tool-available-for-free\/\">produced a tool<\/a> allowing victims to decrypt their files for free. But a new version of the bad code quickly emerged within a month, with a fix for the critical encryption flaw that would have allowed a universal decryptor.<\/p>\n<p>Even though cryptomining has become the next big thing in malware, there are still billions of dollars to be had in the ransomware field. With tactics like using legitimate sites to hide the payload proving to be consistently effective, reaping those dollars becomes an easier task than it would be otherwise.<\/p>\n<p>\u201cThreats like GandCrab are going to continue to emerge time and time again,\u201d Biasini said. \u201cThere are millions and millions of web pages running on platforms that have thousands of vulnerabilities. Since most of these pages are created and maintained by small organizations that don\u2019t have the knowledge or resources to react to emerging vulnerabilities, this will continue to be a problem for the foreseeable future. As long as adversaries are able to hide their malware on legitimate sites, web reputation systems are going to be compromised.\u201d<\/p>\n<p>Read More <a href=\"https:\/\/threatpost.com\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/131897\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":390,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[258,18,259,28,260,91,19,69],"class_list":["post-389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-gandcrab","tag-hacks","tag-legitimate-websites","tag-malware","tag-malware-analysis","tag-ransomware","tag-vulnerabilities","tag-web-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-10T20:23:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"824\" \/>\n\t<meta property=\"og:image:height\" content=\"597\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"GandCrab Ransomware Found Hiding on Legitimate Websites\",\"datePublished\":\"2018-05-10T20:23:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/\"},\"wordCount\":830,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg\",\"keywords\":[\"GandCrab\",\"Hacks\",\"legitimate websites\",\"Malware\",\"Malware analysis\",\"ransomware\",\"Vulnerabilities\",\"Web Security\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/\",\"name\":\"GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg\",\"datePublished\":\"2018-05-10T20:23:25+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg\",\"width\":824,\"height\":597},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gandcrab-ransomware-found-hiding-on-legitimate-websites\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GandCrab\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/gandcrab\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GandCrab Ransomware Found Hiding on Legitimate Websites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/","og_locale":"en_US","og_type":"article","og_title":"GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-10T20:23:25+00:00","og_image":[{"width":824,"height":597,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"GandCrab Ransomware Found Hiding on Legitimate Websites","datePublished":"2018-05-10T20:23:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/"},"wordCount":830,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg","keywords":["GandCrab","Hacks","legitimate websites","Malware","Malware analysis","ransomware","Vulnerabilities","Web Security"],"articleSection":["Threatpost"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/","url":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/","name":"GandCrab Ransomware Found Hiding on Legitimate Websites 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg","datePublished":"2018-05-10T20:23:25+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/gandcrab-ransomware-found-hiding-on-legitimate-websites.jpg","width":824,"height":597},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/gandcrab-ransomware-found-hiding-on-legitimate-websites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"GandCrab","item":"https:\/\/www.threatshub.org\/blog\/tag\/gandcrab\/"},{"@type":"ListItem","position":3,"name":"GandCrab Ransomware Found Hiding on Legitimate Websites"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=389"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/389\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/390"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}