GandCrab 5

The ransomware adds random extensions to encrypted files and directs the victim to an html file for instructions on how to decrypt the infected files. The threat actor demands that the ransom be paid in Bitcoin or DASH. GandCrab 5 also scans network shares and mapped drives to find the files to be encrypted. The threat actors behind this ransomware use a variety of infection vectors, including PowerShell, botnets, exploit kits, Trojan programs, SpearPhishing, and Remote Desktop.