"Doctor Web" warns about the appearance of a new malicious program that extorts money from its victims: malicious received the designation Trojan.Encoder.24384, but the creators call it "GandCrab!".

Trojan attacks users of personal computers running Windows operating systems. Having penetrated the PC, the extortionist encrypts the contents of fixed, removable and network drives, with the exception of a number of folders, among which there are service and system files. Each disk is encrypted in a separate thread. After the end of the encoding, malware sends data to the server about the number of encrypted files and the time spent on encryption.

Trojan can also collect information about the existence of running antivirus processes. The extortionist is able to forcefully terminate the processes of the programs according to the list given by the virus writers.

Encoded files are assigned the extension * .GDCB. The message with the requirements of extortionists and the list of extensions of encrypted files are stored in the body of the Trojan encrypted using the XOR algorithm.

After executing malicious operations, the program displays a message with the demand for redemption. Alas, at the present time, decryption of files coded by malware is impossible.