First observed in January 2018, GandCrab is a ransomware trojan delivered by a number of exploit kits, including RIG, as well as by spam campaigns sent from the Necurs botnet.
Infection starts with a series of malicious documents (typically spam attachments) that ultimately install the ransomware via a PowerShell script. Once installed, GandCrab creates a registry start-up entry (a Run/RunOnce key) so that it survives a reboot, then collects information on the user and device and checks for the presence of anti-virus applications.
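The two host-side behaviours above, a PowerShell-based installer and a start-up registry entry, are both visible to a defender without any malware-specific signature. The following script is an added example (not taken from the page or from any vendor tooling) that enumerates the standard Run/RunOnce keys and flags entries that point into user-writable directories or launch PowerShell with hidden/encoded arguments. The patterns are heuristics chosen for this example, not GandCrab indicators, and the assumption that the entry lives under Run/RunOnce is the ordinary meaning of "runs at start-up" on Windows.

```powershell
# Added example: hunt for start-up persistence of the kind dropper-installed
# ransomware uses. Heuristics only; not a GandCrab signature.

$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Binaries launched from locations a standard user can write to (assumed
# suspicious for an autorun; legitimate software normally lives in Program Files).
$suspiciousPathPattern = '(?i)\\(AppData|Temp|ProgramData|Public|Downloads)\\'

# A PowerShell launcher with the switches droppers favour: encoded command,
# hidden window, no profile, or an execution-policy bypass.
$suspiciousCmdPattern = '(?i)powershell(\.exe)?.*(-enc\w*\s|-e\s|-w(indowstyle)?\s+hidden|-nop|bypass)'

function Test-SuspiciousAutorun {
    param([Parameter(Mandatory)][string]$Command)
    return ($Command -match $suspiciousPathPattern) -or
           ($Command -match $suspiciousCmdPattern)
}

function Get-SuspiciousAutoruns {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            if (Test-SuspiciousAutorun -Command $cmd) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $cmd
                    Scope   = if ($key -like 'HKCU:*') { 'current user' } else { 'machine' }
                }
            }
        }
    }
}

# Sanity check of the heuristics on constructed sample entries (not real hits):
$samples = @(
    'C:\Users\alice\AppData\Roaming\svchost.exe',
    'powershell.exe -nop -w hidden -enc SQBFAFgA',
    '"C:\Program Files\Vendor\updater.exe" /background'
)
$samples | ForEach-Object {
    '{0,-6} {1}' -f (Test-SuspiciousAutorun -Command $_), $_
}
# The first two are flagged, the third is not.

# Live scan of this host:
Get-SuspiciousAutoruns | Format-Table -AutoSize
```

Run the live scan as the logged-on user to cover HKCU (where a user-level infection persists) and once more from an elevated prompt if you also want to confirm nothing was written under HKLM by a process that had gained administrative rights. Treat a hit as a lead to pivot on (hash the target file, check its signature and creation time, look for the PowerShell parent in process-creation logs), not as a verdict on its own.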
Files are encrypted with a symmetric cipher whose key is in turn protected by an RSA key pair; the key pair is generated through the standard Windows CryptoAPI rather than custom cryptographic code, so the implementation itself offers no weakness to exploit and files cannot be recovered without the private key held by the operators. The ransom note demands payment in Dash, a less widely used cryptocurrency than Bitcoin.
Affected platforms: Microsoft Windows – all versions