welcome to netwrkspider

Friday, February 8, 2019

GandCrab 5.1/5.09 IOC details


It was only a few months back that free decryption tools were made available for GandCrab versions 5.0 to 5.0.3. While these tools are yet to be made public, a new version of GandCrab has already appeared: the developers of GandCrab released GandCrab v5.1 within 24 hours of the release of the decryption tools.

The latest version of the ransomware comes with a variety of distribution changes and UX updates to the GandCrab TOR sites.

Multiple attack vectors and distribution techniques

Highlighting the attack vectors of the ransomware, the researchers said, “The primary attack vector for ransomware remains RDP ports, but GandCrab has a diverse array of distribution methods. While RDP-based ransomware attacks remain popular, automated attacks using exploit kits such as Fallout EK, Emotet, or credential stealers like Vidar have been linked to GandCrab infections as well.”