Fileless GandCrab As Seen by SandBlast Agent

January 2018 saw the debut of GandCrab, a well-known ransomware that is distributed on the Dark Web and mainly targets Scandinavian and English-speaking countries.

In addition, the GandCrab Affiliate Program offers low-skilled threat actors the opportunity to run their own ransomware campaigns. The ransomware is delivered mainly through email spam engines, and affiliates are also provided with advice and encouragement on which regions to target to ensure the highest profits.

While you can read more about GandCrab in our previous blog post, in this series we provide high-level descriptions of recent and new attacks, using an interactive web-based report to showcase an attack flow. We will also illustrate, using our interactive forensic report, how SandBlast Agent was still able to monitor and detect GandCrab's actions despite its use of fileless techniques.

Source: CheckPoint