GandCrab Caught in DeepArmor’s Net

May 15, 2018 Mark Montgomery


One of the toughest security challenges for any organization is striking a balance between which applications should be allowed and which should not. Documents are almost universally allowed, and adversaries know this. They take advantage of documents to infect, encrypt, and blackmail, and it takes cutting-edge technology to protect your assets.

The GandCrab ransomware family is one such threat that takes root by utilizing weaponized documents. These documents often show up in the email inboxes of unwitting personnel, who open them as part of their regular duties. Should a document with the GandCrab ransomware arrive in your mailbox, the weaponized document would encrypt files on your system and blackmail you for a decryption key. Some of the known variants of this kind of threat are already available in malware repositories, and a number of vendors have blacklisted these files. However, there are quite a few who either fail to detect or do not provide protection from weaponized documents.

The weaponized documents sent out as part of the GandCrab campaign contain code that initiates communication with a command and control server, from which it downloads and executes a secondary payload.

The secondary payload does the heavy lifting: encrypting the system’s files, changing their extensions to .CRAB, and finally notifying the user.

The good news is that users of DeepArmor are protected from these forms of threats. SparkCognition developed the first artificial intelligence that detects weaponized documents pre-execution. Our AI models see the intent of these files and block them from ever running, even when they have never seen the file before.

Anti-malware built from AI has repeatedly demonstrated superior ability to catch zero-day and polymorphic malware missed by first- and second-generation products. For more information about DeepArmor, please contact

