GandCrab ransomware

GPTKB entity

Statements (63)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | malware |
| gptkbp:decryptionToolAvailable | yes |
| gptkbp:decryptionToolReleasedBy | gptkb:Europol; gptkb:Bitdefender; NoMoreRansom project |
| gptkbp:developedBy | GandCrab group |
| gptkbp:discoveredBy | January 2018 |
| gptkbp:distributedBy | exploit kits; malspam; malvertising; remote desktop protocol brute force |
| gptkbp:estimatedProfits | over $2 billion |
| gptkbp:fileExtension | .CRAB; .GANDCRAB; .GDCB; .KRAB; .LOCK; .RAND |
| https://www.w3.org/2000/01/rdf-schema#label | GandCrab ransomware |
| gptkbp:language | gptkb:Russian; English |
| gptkbp:notableEvent | spread via compromised websites; spread via exploit kits such as Rig and GrandSoft; spread via fake software updates; spread via phishing emails |
| gptkbp:notableFeature | anti-analysis techniques; Ransomware-as-a-Service (RaaS); affiliates recruited via underground forums; command and control via Tor network; frequent code obfuscation; frequent version updates |
| gptkbp:operationCeased | June 2019 |
| gptkbp:platform | gptkb:Microsoft_Windows |
| gptkbp:prohibitedTarget | gptkb:Armenia; gptkb:Azerbaijan; gptkb:Belarus; gptkb:Kazakhstan; gptkb:Kyrgyzstan; gptkb:Moldova; gptkb:Russia; gptkb:Tajikistan; gptkb:Turkmenistan; gptkb:Ukraine; gptkb:Uzbekistan; gptkb:CIS_countries |
| gptkbp:ransomNoteFile | CRAB-DECRYPT.txt; GANDCRAB-DECRYPT.txt; GDCB-DECRYPT.txt; KRAB-DECRYPT.txt; LOCK-DECRYPT.txt; RAND-DECRYPT.txt |
| gptkbp:ransomPaymentMethod | gptkb:Bitcoin; DASH cryptocurrency |
| gptkbp:successor | REvil ransomware |
| gptkbp:supportsAlgorithm | gptkb:RSA; gptkb:AES |
| gptkbp:target | businesses; government organizations; individual users |
| gptkbp:usesMalware | crypto-ransomware |
| gptkbp:victim | over 1.5 million |
| gptkbp:bfsParent | gptkb:Sodinokibi_ransomware |
| gptkbp:bfsLayer | 7 |