{"id":92088,"date":"2018-10-16T17:15:28","date_gmt":"2018-10-17T00:15:28","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=92088"},"modified":"2025-08-13T00:41:10","modified_gmt":"2025-08-13T07:41:10","slug":"gandcrab-ransomware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/gandcrab-ransomware\/","title":{"rendered":"Breaking Down the Rapidly Evolving GandCrab Ransomware"},"content":{"rendered":"

Most ransomware strains have the same commonalities \u2013 bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found<\/a> that the ransomware, which first appeared in January, has been updating rapidly during its short lifespan, and now includes a handful of new features, including the ability to remain undetected by some antimalware products.<\/p>\n

First and foremost, let\u2019s break down how GandCrab gets its start. The stealthy strain manages to spread in a variety of ways. GandCrab can make its way to users\u2019 devices via remote desktop connections with either weak security or bought in underground forums, phishing emails, legitimate programs that have been infected with the malware, specific exploits kits, botnets, and more.<\/p>\n

GandCrab\u2019s goal, just like other ransomware attacks, is to encrypt victims\u2019 files and promise to release them for a fee paid in a form of cryptocurrency (often Dash or Bitcoin). It can also be sold across the dark web as ransomware-as-a-service, or RaaS, which allows wannabe cybercriminals to purchase the strain to conduct an attack of their own.<\/p>\n

Tips to Avoid Ransomware<\/h2>\n

So, the next question is what can users do to defend against this tricky attack? Thankfully, McAfee gateway and endpoint customers are protected<\/a> against the latest GandCrab versions but beyond using security software, there are a handful of other things you can do to ensure you\u2019re protected from GandCrab ransomware. Start by following these tips:<\/p>\n