Ransomware

GandCrab

First seen: 2018-01 • Status: inactive


GandCrab was a hugely successful ransomware that "retired" after making $2 billion. Its creators went on to build REvil ransomware.

Overview

GandCrab was one of the most successful ransomware-as-a-service operations. The operators claimed to retire after earning $2 billion, but many evolved into REvil.

Also Known As

GANDCRAB

How It Spreads

  • Exploit kits
  • Malspam
  • RDP compromise

What It Does

  • Encrypts files
  • Demands ransom in cryptocurrency


Target Platforms

Windows

Detection Tips

  • Watch for GandCrab file extensions
  • Monitor for ransom notes

MITRE ATT&CK Techniques

T1486, T1490

If You're Infected

  1. Check for free decryptor at NoMoreRansom.org
  2. Restore from backups

Related Malware

REvil, Sodinokibi
