Threat Landscape Dashboard

Feedback

Home

GandCrab 5 - Ransomware

The ransomware appends random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt infected files. The threat actor demands the ransom be paid in either Bitcoin or DASH. GandCrab 5 also scans network shares and mapped drives to find files to encrypt. The threat actors behind the ransomware use a variety of infection vectors including PowerShell, Botnets, Exploit Kits, Trojanized Programs, SpearPhishing, and Remote Desktop.

Name	Modified Date	Sources
GandCrab 5 - Ransomware	2018-12-07	https://id-ransomware.blogspot.com/ https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/ https://securingtomorrow.mcafee.com/mcafee-labs/rapidly-evolving-ransomware-gandcrab-version-5-partners-with-crypter-service-for-obfuscation/ https://29wspy.ru/reversing.html https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/ https://www.bleepingcomputer.com/forums/t/685242/gand-crab-v503/ https://www.nomoreransom.org/en/index.html https://www.2-spyware.com/remove-gandcrab-5-0-9-ransomware.html