Threat Intelligence Report: GandCrab Ransomware

Threat intelligence is an elusive concept: cyber-security vendors have produced numerous definitions of it, each shaped by their own processes and products. Rather than add another, this report concentrates on the role threat intelligence plays within cyber-security and network defence, and on the advice and best practice that follow from it. This should give the reader a basic understanding of the benefits of threat intelligence and of why it is worth investing effort and resources in responding to it.

A widely used definition of threat intelligence (Gartner, 2013):
[It is] evidence-based knowledge, including context, mechanisms, indicators,
implications and actionable advice, about an existing or emerging menace or
hazard to assets that can be used to inform decisions regarding the subject’s
response to that menace or hazard.

Name of Exploit
GandCrab

Type of Exploit
Ransomware, delivered as a Trojan: a malicious Windows executable that the victim is tricked into running. It does not self-propagate; every infection depends on an email attachment being opened or a browser being exploited.

How Exploit is Spread
GandCrab is distributed both through traditional email spam campaigns and through multiple exploit kits, including RIG and GrandSoft. Exploit-kit delivery typically starts with malicious advertisements (malvertising) that redirect the browser to a RIG landing page; the kit then exploits a browser or plug-in vulnerability to download and run GandCrab on the target system without any further user interaction.

For the email infection vector, GandCrab arrives in the victim’s inbox inside a compressed archive such as a [.]zip or [.]7z file. The target user is tricked into extracting and executing the binary ([.]exe) inside the archive, which infects the system. Packing the payload in an archive is a common way to get past mail filters that reject bare executables, so an attachment filter has to look inside the archive rather than at the attachment’s own extension.
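The attachment check described above, as an added example that is not part of the original report: a mail-gateway or SOC triage routine that opens a [.]zip attachment without executing anything and flags any member that is a Windows executable, whether by extension (including double extensions such as "invoice.pdf.exe") or by content (the "MZ" DOS header every PE file starts with). The sample archive, its file names and the fake payload bytes are constructed for the example; only the zip format is handled, since 7z needs a third-party library.

```python
"""Triage an e-mail attachment archive for an executable payload.

Added example (not from the report): a mail gateway or SOC triage check that
opens a .zip attachment without executing anything and flags members that are
Windows executables, either by extension (including double extensions such as
"invoice.pdf.exe") or by content (the "MZ" DOS header every PE file starts
with). The sample archive is constructed in memory; the file names and the
fake payload bytes are made up for the example.
"""
import io
import zipfile

# Extensions Windows will execute (or hand to a script host) on double-click.
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".dll", ".cpl",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                   ".cmd", ".bat", ".ps1", ".lnk")

# Largest member we are willing to open; bigger ones are flagged, not read.
MAX_INSPECT_BYTES = 50 * 1024 * 1024


def looks_like_pe(head: bytes) -> bool:
    """True if the first bytes carry the 'MZ' DOS header of a Windows PE file."""
    return head[:2] == b"MZ"


def risky_extension(name: str) -> bool:
    """True if the member name ends in an executable extension.

    Case-insensitive, so 'Invoice.PDF.EXE' is caught as well."""
    return name.lower().endswith(EXEC_EXTENSIONS)


def triage_zip(archive_bytes: bytes) -> dict:
    """Return {member_name: [reasons]} for every member worth blocking.

    Only the first two bytes of each member are decompressed, so a
    decompression bomb cannot exhaust memory here.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if risky_extension(info.filename):
                reasons.append("executable extension")
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected, which is itself
                # a reason to hold the mail (password-protected archives are
                # used precisely to defeat this kind of check).
                reasons.append("encrypted member, content not inspectable")
            elif info.file_size > MAX_INSPECT_BYTES:
                reasons.append("member too large to inspect")
            else:
                with zf.open(info) as fh:
                    if looks_like_pe(fh.read(2)):
                        reasons.append("PE 'MZ' header")
            if reasons:
                findings[info.filename] = reasons
    return findings


def should_block(archive_bytes: bytes) -> bool:
    """Gateway decision: hold the message if any member is flagged."""
    return bool(triage_zip(archive_bytes))


def build_sample_archive() -> bytes:
    """Constructed sample: a lure text file, a disguised executable, and a
    PE whose name hides the executable nature entirely."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # DOS header stub, not a real program
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "Please see the attached invoice.\n")
        zf.writestr("invoice.pdf.exe", fake_pe)  # double-extension trick
        zf.writestr("update.txt", fake_pe)       # PE content behind a harmless name
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    for name, reasons in triage_zip(sample).items():
        print(f"{name}: {', '.join(reasons)}")
    print("block" if should_block(sample) else "allow")
```

The content check matters more than the extension list: renaming the payload to "update.txt" defeats an extension filter but not the header check, while an encrypted archive defeats the header check and is therefore treated as a reason to hold the message rather than as a pass.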

Global Risk
High/Critical. In less than six months it has become the biggest threat in its category, and the developers behind it continue to release updated versions that make the malware harder to detect, block and decrypt.

Within the cyber-security community there is concern that a future version could add a WannaCry-style self-propagating (worm) component, allowing GandCrab to spread across a network without relying on a user opening an attachment or visiting a malicious site. The ransomware targets Windows operating systems, which exposes a very large installed base and is the main reason the global risk rating has been raised.
