Gandcrab

Known RaaS

Description

GandCrab was a prolific Ransomware-as-a-Service (RaaS) operation active from January 2018 to mid-2019. It quickly became one of the most widespread ransomware families due to its affiliate-based distribution model, where operators provided the ransomware to partners in exchange for a revenue share (reportedly 30–40%). GandCrab used a double-extortion approach in later stages, encrypting files with a combination of Salsa20 and RSA-2048 algorithms and appending extensions that varied by version (e.g., .GDCB, .KRAB, .CRAB). Initial access vectors included phishing emails with malicious attachments, exploit kits (notably RIG and GrandSoft), and remote desktop protocol (RDP) attacks. GandCrab’s operators claimed to have earned over $150 million before publicly announcing their retirement in June 2019, after which decryption keys for all versions were released.

External Analysis
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shuts-down-after-claiming-to-have-made-over-2-billion/
https://www.trendmicro.com/en_us/research/19/f/uncovering-the-evolution-of-gandcrab-ransomware.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-024a
https://securelist.com/gandcrab-ransomware/89631/
Ransom notes

Chat servers

Url: http://gandcrabmfe6mnef.onion/
Status: Down
Uptime 30d: 0%
Note