GandCrab Ransomware

First observed in January 2017, GandCrab is a ransomware trojan delivered by a number of exploit kits including RIG, as well as by the Necurs botnet.

Once installed, GandCrab creates a registry entry so that it runs at start-up before collecting the information on the user and device. It will also check for the presence of anti-virus applications.

This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.

Files are encrypted using the RSA algorithm, with the public and private keys generated using API calls to standard Microsoft libraries. The ransom note demands payment in Dash, a less widely used cryptocurrency.

More details here.


Recovery details can be found here

Affected Platforms

Microsoft Windows – All versions

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: