Security experts from Fortinet recently detected a new version of the GandCrab ransomware, ver 4.1, that is being distributed through compromised websites. The new variant uses the Salsa2.0 stream cipher to encrypt data instead of the RSA-2048 encryption that was used in early versions of the threat. As of March, the ransomware had infected over 50,000 systems and netted its operators over $600,000 in ransom payments. There is no evidence that those websites in the hard-coded list have actually been compromised, this circumstance suggests the authors of the malware are testing the functionality.”]
Source: https://securityaffairs.co/wordpress/74443/malware/gandcrab-ransomware-4-1.html