The most common attack vector for GandCrab ransomware is an unsecure RDP-Connection (Remote Desktop Protocol). It is followed up by phishing emails and security vulnerabilities. In many ways, it isn’t different from other strains of ransomware and viruses, but it’s the Ransomware-as-a-Service business model that made GandCrab adopt a faster rate of distribution.
Many amateur hackers looking to make easy bucks, use Ransomware-as-a-Service model adopted by Gandcrab, whereby they receive the entire exploit kit and user manuals on how to stage an attack. Once small vendors stage successful attacks, the original Gandcrab ransomware hackers make a portion of revenue whenever a payment is made by the victim.
This has become a highly lucrative business model for ransomware gangs in 2021 and beyond.