Stay in the know
Stay updated with the latest news in the cyber security space and become a blog member, gaining access to our inside scope of the latest developments in cyberspace.
How does Gandcrab V5 encrypt a computer?
When GandCrab v5 is executed, it will scan the computer and any network shares for files to encrypt. When scanning for network shares, it will identify all shares on the network and not just mapped drives. Therefore, it is important to make sure all network shares are locked down on your network. When the ransomware encounters a targeted file, it will encrypt the file and then append a random 5 character extension.
What is GandCRAB Ransomware?
Let's take a deeper dive
GandGRAB Ransomware was released in late 2016 and has since evolved to many different versions. The hackers behind GandCRAB are continuously updating and releasing improved versions, with currently six different variants being distributed as a Ransomware-As-A-Service(RAAS). This specific Ransomware uses several ways to spread itself through the systems, and some include using phishing emails and JavaScript Droppers.
GandCRAB ransomware is a Trojan horse that encodes files on the compromised computer and requests an installment to unscramble them. The new GandCrab V5 was released with random extensions and a new HTML ransom note.
-
Initial Rapid Release version January 30, 2018 revision 023
-
Latest Rapid Release version November 30, 2018, revision 023
-
Initial Daily Certified version January 31, 2018 revision 002
-
Latest Daily Certified version November 29, 2018, revision 001
-
Initial Weekly Certified release date January 31, 2018
How can you protect yourself from Ransomware?
Some helpful tips to help protect yourself are;
Reliable backups!
Be wary of unsolicited attachments, even from people you know! Restrict RDP access – Port 3389
Endpoint/network security
Windows and security patch updates!
Complex passwords
Please submit an online case or talk to one of our Ransomware Specialists to evaluate!
