GandCrab Ransomware’s New Evasive Infection Chain

Cybereason has posted a research article on the GandCrab ransomware, which it notes has adopted different evasive techniques to enable successful infections. According to Cybereason, these techniques include combining a phishing email and weaponized Office documents to gain initial entry onto a targeted machine and leveraging “living-off-the-land” binaries to bypass Windows AppLocker and fetch the ransomware payload, among others. The article contains details discussions of these techniques, including screenshots, and provides recommendations for preventing infections. GandCrab is one of the most prevalent forms of ransomware today, accounting for 40 percent of all ransomware infections globally according to cybersecurity firm Bitdefender. One of the reasons GandCrab has become such a popular form of ransomware is because it follows the Ransomware-as-a-Service (RaaS) business model. This gives cyber criminals of any skillset the ability to use the GandCrab infrastructure through an easy-to-use platform, with 24/7 online support. Versions 4 and 5 are estimated to have infected around 500,00 victims worldwide from July to October of 2018. Read the research article at Cybereason.