W32/GandCrab_V5_2!tr.ransom

Analysis

W32/GandCrab_V5_2!tr.ransom is a generic detection for GandCrab v5.2 Ransomware.
Below are some of its observed characteristics/behaviours:

  • This is version 5.2 of the GandCrab ransomware, which has the same characteristics/behaviours as other versions of GandCrab. Generic description for GandCrab: W32/GandCrab.FOD!tr.ransom.

  • This ransomware may connect to the following remote domains:
    • zoneala{Removed}.bit
    • ransomwa{Removed}.bit

  • Below is an illustration of the malware's ransom notes:

    Figure 1: Ransom notes.


Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

    • FortiGate
    • FortiClient
    • FortiAPS
    • FortiAPU
    • FortiMail
    • FortiSandbox
    • FortiWeb
    • Web Application Firewall
    • FortiIsolator
    • FortiDeceptor
    • FortiEDR

Version Updates

    Date         Version     Detail
    2022-10-31   90.07413
    2022-08-30   90.05531
    2022-08-23   90.05336
    2022-05-25   90.02622
    2022-01-11   89.08603
    2020-12-29   82.90700    Sig Updated
    2020-03-04   75.71900    Sig Updated
    2019-10-23   72.54100    Sig Updated
    2019-08-27   71.17600    Sig Updated
    2019-06-17   69.32700    Sig Updated