Recently, the GandCrab ransomware family has widely spread in China. The databases, pictures, documents, and compressed files on infected hosts are encrypted, causing a shutdown of business systems.
Since its discovery in January, GandCrab has spread rapidly, with many variations in less than one year, showing how active and aggressive the ransomware developers are. China has been experiencing an outbreak, and many companies are victims.
At present, GandCrab combines phishing emails, webpage Trojans, vulnerability exploits, RDP brute force cracking, botnets and other attack methods to penetrate. After successful penetration, it begins to encrypt the core key data stored in the internal systems. Information about the ransom is shown in *-DECRYPT.TXT file.
By executing GandCrab in a virtual system, we have discovered its potential malicious behavior, the tremendous damage to business systems and core data, as well as the economic and productivity impact on enterprises and users.
[Hillstone Networks Solutions]
Hillstone’s Comprehensive Threat Detection Solution
According to the different attack methods used by GandCrab, we provide corresponding detection engines and update the signatures. It can be quickly discovered based on the execution pattern of the ransomware. The ransomware variants can thereby be discovered quickly to deliver protection at the network perimeter.
[Pre-breach] Against vulnerability exploits and RDP brute force cracking
Blocks vulnerability exploits and intercepts brute force attacks.
[Breach] Against ransomware downloads
Effectively defend against ransomware via virus filtering
Effectively detect ransomware variants via the Hillstone cloud sandbox.
[Post-breach] Against connection to CnC server by infected host
Effectively defend against ransomware via virus filtering
