
Recently, the GandCrab ransomware family has spread widely in China. The databases, pictures, documents, and compressed files on infected hosts are encrypted, causing a shutdown of business systems.


Since its discovery in January, GandCrab has spread rapidly, with many variations in less than one year, showing how active and aggressive the ransomware developers are. China has been experiencing an outbreak, and many companies are victims.


At present, GandCrab combines phishing emails, webpage Trojans, vulnerability exploits, RDP brute force cracking, botnets and other attack methods to penetrate its targets. After successful penetration, it begins to encrypt the core key data stored in the internal systems. Information about the ransom is shown in a *-DECRYPT.TXT file.


By executing GandCrab in a virtual system, we have discovered its potential malicious behavior, the tremendous damage to business systems and core data, as well as the economic and productivity impact on enterprises and users.

[Hillstone Networks Solutions]


Hillstone’s Comprehensive Threat Detection Solution

For each of the attack methods used by GandCrab, we provide a corresponding detection engine and update its signatures. Detection is based on the execution pattern of the ransomware, so variants can be discovered quickly and protection delivered at the network perimeter.

[Pre-breach] Against vulnerability exploits and RDP brute force cracking


Blocks vulnerability exploits and intercepts brute force attacks.

[Breach] Against ransomware downloads


Effectively defend against ransomware via virus filtering.

Effectively detect ransomware variants via the Hillstone cloud sandbox.

[Post-breach] Against connection to CnC server by infected host


Effectively defend against ransomware via virus filtering.
