GandCrab has been a very active ransomware strain throughout 2018 and since the start of 2019, and it is known for demanding up to $3000 from its victims to decrypt their encrypted files.
The GandCrab authors use a ransomware-as-a-service (RaaS) “business” model designed to make it simple for other threat actors to deploy it through their own malware campaigns for a share of the profit.
GandCrab is also known to use a large array of techniques for compromising its victims: via malvertising campaigns, by exploiting Struts, JBoss, WebLogic, and Apache Tomcat vulnerabilities, by camouflaging itself as an apparently harmless app or as a cracked utility, or even by brute-forcing its way in when everything else fails.
GandCrab is distributed by a wide variety of exploit kits, from RIG and GrandSoft to Fallout, through automated malware campaigns, and it is also dropped alongside other malware strains such as Emotet and Vidar. One direct result of this broad distribution is the increased number of ransom IDs being detected for each infection event.
Although a free decrypter for GandCrab was released by Bitdefender at the end of October, allowing victims to decrypt their locked files if they were affected by versions 1, 4 and 5 (up to v5.0.3) of the ransomware, there are no publicly available decryption tools for the latest versions of GandCrab starting with 5.0.4.
Protect yourself from ransomware
To protect your files from being encrypted by ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack. A backup only helps if the ransomware cannot reach it: ransomware routinely encrypts attached drives and mapped network shares along with local files, so keep at least one copy offline or otherwise disconnected from the machines it protects, and actually rehearse a restore before you need one. With a backup like that, a ransomware infection becomes a recoverable incident rather than a reason to pay.
You should also have security software that incorporates behavioral detections to combat ransomware and not just signature detections or heuristics. For example, Emsisoft Anti-Malware and Malwarebytes Anti-Malware both contain behavioral detection that can prevent many, if not most, ransomware infections from encrypting a computer.
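To make the difference between signature and behavioral detection concrete, here is an added example (not code from the original article, and not from Emsisoft or Malwarebytes) of the kind of behavioral heuristic such products build on: it watches a stream of file-system events and flags a process that, within a short window, overwrites many distinct files with high-entropy (ciphertext-like) data or renames them to a new extension. The event stream, the process IDs, the `.CRAB` extension and the thresholds are all constructed for this example.

```python
import math
import os
import random
from collections import defaultdict, deque

# Tuning knobs. These values are assumptions for this example, not figures from any product.
WINDOW_SECONDS = 10      # how long a burst of activity is remembered per process
MIN_FILES = 20           # distinct suspicious files within the window before alerting
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext approaches 8, documents and text are far lower


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data; encrypted output approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class RansomwareBehaviorDetector:
    """Flags a process that, inside a sliding time window, touches many distinct
    files in a ransomware-like way (high-entropy overwrite or extension change)."""

    def __init__(self, window=WINDOW_SECONDS, min_files=MIN_FILES,
                 entropy_threshold=ENTROPY_THRESHOLD):
        self.window = window
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        self._hits = defaultdict(deque)  # pid -> deque of (timestamp, path)
        self.alerts = set()              # pids that crossed the threshold

    def _is_suspicious(self, op, path, new_path, content):
        if op == "write":
            return shannon_entropy(content) >= self.entropy_threshold
        if op == "rename":
            old_ext = os.path.splitext(path)[1].lower()
            new_ext = os.path.splitext(new_path)[1].lower()
            return new_ext != old_ext  # e.g. report.docx -> report.docx.CRAB
        return False

    def observe(self, ts, pid, op, path, new_path=None, content=b""):
        """Feed one file-system event; returns True if pid is (now) flagged."""
        if not self._is_suspicious(op, path, new_path, content):
            return pid in self.alerts
        q = self._hits[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:  # forget events outside the window
            q.popleft()
        distinct_files = {p for _, p in q}
        if len(distinct_files) >= self.min_files:
            self.alerts.add(pid)
        return pid in self.alerts


def build_sample_events():
    """Constructed event stream: a text editor, a backup tool and a simulated encryptor.
    Each event is (timestamp, pid, op, path, new_path, content)."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    events = []
    # pid 100: editor saving a few plain-text files (low entropy, extension unchanged)
    note = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged.\n" * 64
    for i in range(3):
        events.append((float(i), 100, "write", f"/home/u/notes{i}.txt", None, note))
    # pid 200: backup tool writing ONE large compressed archive (high entropy, single file)
    events.append((2.0, 200, "write", "/backup/full.zip", None, rng.randbytes(4096)))
    # pid 300: encryptor overwriting 25 documents with random bytes, then renaming each
    for i in range(25):
        doc = f"/home/u/docs/report{i}.docx"
        events.append((3.0 + i * 0.1, 300, "write", doc, None, rng.randbytes(4096)))
        events.append((3.05 + i * 0.1, 300, "rename", doc, doc + ".CRAB", b""))
    return events


def run_detector(events):
    """Replay the events and return the set of flagged pids."""
    det = RansomwareBehaviorDetector()
    for ts, pid, op, path, new_path, content in events:
        det.observe(ts, pid, op, path, new_path, content)
    return det.alerts


if __name__ == "__main__":
    print("flagged pids:", sorted(run_detector(build_sample_events())))
```

Only pid 300 is flagged: the editor's writes are low-entropy, and the backup tool writes high-entropy data but to a single file, which is why the detector counts distinct files per process rather than bytes. No signature of the GandCrab binary is involved, so a repacked or brand-new sample would be caught the same way; the trade-off is that real products must combine this with more signals (decoy files, process lineage, shadow-copy deletion) to keep false positives from tools such as archivers and encryption utilities acceptable.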