W32/GandCrab_V5_1!tr.ransom
Analysis
W32/GandCrab_V5_1!tr.ransom is a generic detection for GandCrab v5.1 ransomware.
Below are some of its observed characteristics/behaviours:
- This is version 5.1 of the GandCrab ransomware, which has the same characteristics/behaviours as other versions of GandCrab. For the generic GandCrab description, see W32/GandCrab.FOD!tr.ransom.
- Below is an illustration of the malware's ransom notes:
- Figure 1: Ransom notes.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2022-05-25 | 90.02622 | |
2021-07-27 | 87.00933 | |
2020-06-02 | 77.87200 | Sig Updated |
2020-04-28 | 77.03500 | Sig Updated |
2019-09-10 | 71.50800 | Sig Updated |
2019-09-05 | 71.39200 | Sig Updated |
2019-04-05 | 67.57900 | Sig Updated |
2019-04-02 | 67.50600 | Sig Updated |
2019-03-27 | 67.36100 | Sig Updated |
2019-03-26 | 67.33800 | Sig Updated |