GandCrab ransomware

Ransomware has become the primary cyberthreat organizations worry about, especially after WannaCry in 2017. As ransomware evolves, businesses need to stay aware of their network ecosystem, especially now that new ransomware variants appear so frequently. GandCrab ransomware is one such threat that its operators continue to develop to disrupt business environments. GandCrab ransomware began causing chaos in businesses in January of this year, and since then we’ve seen multiple versions of GandCrab, the most recent being GandCrab 5.2.

What is GandCrab ransomware? 

GandCrab, like any ransomware, encrypts data and demands a ransom for decryption. The contest between cybercriminals and cybersecurity professionals evolves every day, and GandCrab is a particularly sophisticated threat that evades security controls with ease. Some researchers have called GandCrab the “new king of ransomware.”

How can GandCrab ransomware breach a network? 

GandCrab ransomware primarily spreads via phishing: legitimate-looking spam emails carrying infected attachments are sent to targeted users. Beyond this traditional method, GandCrab also uses affiliate programs to reach its targets. Since its discovery in January, GandCrab has been developed and released in five variants: GandCrab V1, V2, V3, V4, and V5.

Cybersecurity professionals cracked down on the initial version of GandCrab by identifying the RSA key. After that, V2 was developed to overcome the defects of V1, and so on. Now the Chinese National Network and Information Security Center has informed the country’s provincial government about phishing emails containing GandCrab.

Best practices to protect your business against GandCrab ransomware 

  1. Use strong firewall configurations to allow only connections from trusted sources.

  2. Restrict user privileges based on task requirements and only grant complete access to legitimate applications.

  3. Enforce strong password policies to avoid brute force attacks.

  4. Disable AutoPlay and AutoRun so that unrecognized EXE files and other applications cannot launch automatically on the corporate network.

  5. Close unnecessary ports, processes, and services to narrow the scope of malware spreading across the business ecosystem.

  6. Keep your devices up-to-date with patches, regardless of whether they’re inside or outside the corporate network.

  7. Detect and restrict phishing from malicious sites using proper browser management filters.

  8. Prevent malware from spreading in the form of downloadable files by blocking the download of files with malicious intent. Also, encourage your employees to avoid email attachments unless they come from a trusted source.

  9. Keep official data secure using sandbox technologies to containerize corporate information.

  10. Identify jailbroken or compromised devices to keep corporate data secure.
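As an added example that is not part of the original post, the PowerShell script below audits a Windows endpoint against items 1, 4 and 5 of the list above. The registry values and cmdlets are standard Windows; the list of "unneeded" services and the expectation that every firewall profile explicitly blocks inbound traffic are assumptions to adjust per host role.

```powershell
# Added example, not ManageEngine's code. Audit a Windows endpoint against
# items 1 (firewall), 4 (AutoPlay/AutoRun) and 5 (unneeded services).
# Run from an elevated PowerShell session.

$findings = @()

# Item 4: NoDriveTypeAutoRun = 0xFF disables AutoRun on every drive type and
# NoAutorun = 1 stops autorun.inf from being honoured at all.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autoRun = Get-ItemProperty -Path $explorerPolicy -ErrorAction SilentlyContinue
if ($null -eq $autoRun -or $autoRun.NoDriveTypeAutoRun -ne 0xFF) {
    $findings += 'AutoRun is not disabled for all drive types (NoDriveTypeAutoRun != 0xFF)'
}
if ($null -eq $autoRun -or $autoRun.NoAutorun -ne 1) {
    $findings += 'autorun.inf handling is still enabled (NoAutorun != 1)'
}

# Item 1: every firewall profile should be enabled and block inbound by default.
# 'NotConfigured' falls back to the built-in default; flag it so the policy is explicit.
foreach ($profile in Get-NetFirewallProfile) {
    if ($profile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($profile.Name)' is disabled"
    }
    if ($profile.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile '$($profile.Name)' does not explicitly block inbound traffic"
    }
}

# Item 5: services rarely needed on a workstation. This list is an assumption;
# extend it with whatever your build standard says should not be running.
$unneeded = @('RemoteRegistry', 'TlntSvr', 'SNMPTRAP')
foreach ($name in $unneeded) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -eq 'Running') {
        $findings += "Unnecessary service '$name' is running"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: AutoRun disabled, firewall profiles enforcing, no unneeded services running.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Each finding maps back to a numbered item above, so the output doubles as a checklist for remediation through Group Policy or your endpoint management tool.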

Employing and periodically updating proactive security controls is the best way for businesses to fortify their defenses. With a unified endpoint management approach, businesses can detect and block newly emerging ransomware variants, keeping their corporate data safe and secure.

How ManageEngine can help 

With ManageEngine’s unified endpoint management solution, Desktop Central, businesses can secure and manage their firewalls, browsers, patches, jailbroken devices, emails, and more, all from a single console.

This unified approach towards network security can reduce the efforts of IT administrators, allowing them to concentrate on immediate priorities. Businesses need to employ Desktop Central to secure their network against GandCrab ransomware.