VirusW32/GandCrab_V5_1!tr.ransom
Analysis
W32/GandCrab_V5_1!tr.ransom is a generic detection for GandCrab v5.1 Ransomware.
Below are some of its observed characteristics/behaviours:
- This is a 5.1 version for Ransomware GandCrab which has the same characteristics/behaviours as other versions of GandCrab. Generic description for Gandcrab : W32/GandCrab.FOD!tr.ransom.
- Below is an illustration of the malware's Ransom notes:
- Figure 1: Ransom notes .
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-05-25 | 90.02622 | |
| 2021-07-27 | 87.00933 | |
| 2020-06-02 | 77.87200 | Sig Updated |
| 2020-04-28 | 77.03500 | Sig Updated |
| 2019-09-10 | 71.50800 | Sig Updated |
| 2019-09-05 | 71.39200 | Sig Updated |
| 2019-04-05 | 67.57900 | Sig Updated |
| 2019-04-02 | 67.50600 | Sig Updated |
| 2019-03-27 | 67.36100 | Sig Updated |
| 2019-03-26 | 67.33800 | Sig Updated |