W32/GandCrab_V5_0_4!tr.ransom

Analysis

W32/GandCrab_V5_0_4!tr.ransom is a generic detection for a GandCrab v5.0.4 ransomware trojan.
Below are some of its observed characteristics/behaviours:

  • This is version 5.0.4 of the GandCrab ransomware, which has the same characteristics/behaviours as other versions of GandCrab. For the generic GandCrab description, see W32/GandCrab.FOD!tr.ransom.

  • Below is an illustration of the malware's ransom notes:

    • Figure 1: Ransom notes.

    • Figure 2: Ransom notes.

    Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date        Version   Detail
    2022-10-03  90.06554
    2022-05-25  90.02622
    2019-10-30  72.71700  Sig Updated
    2019-08-20  71.01900  Sig Updated
    2019-07-16  70.02200  Sig Updated
    2019-07-09  69.85400  Sig Updated
    2019-06-18  69.35000  Sig Updated
    2019-06-11  69.18400  Sig Updated
    2019-06-04  69.01700  Sig Updated
    2019-04-16  67.84200  Sig Updated