GandCrab Ransomware
First observed in January 2017, GandCrab is a ransomware trojan delivered by a number of exploit kits including RIG, as well as by the Necurs botnet.
Once installed, GandCrab creates a registry entry so that it runs at start-up before collecting the information on the user and device. It will also check for the presence of anti-virus applications.
This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.
Files are encrypted using the RSA algorithm, with the public and private keys generated using API calls to standard Microsoft libraries. The ransom note demands payment in Dash, a less widely used cryptocurrency.
More details here.
Recovery
Recovery details can be found here
Affected Platforms
Microsoft Windows – All versions
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.