W32/GandCrab_V5_2!tr.ransom
Analysis
W32/GandCrab_V5_2!tr.ransom is a generic detection for GandCrab v5.2 Ransomware.
Below are some of its observed characteristics/behaviours:
- This is version 5.2 of the GandCrab ransomware, which has the same characteristics/behaviours as other versions of GandCrab. For the generic description of GandCrab, see W32/GandCrab.FOD!tr.ransom.
- zoneala{Removed}.bit
- ransomwa{Removed}.bit
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |