Gandcrab
Also known as: GrandCrab
GandCrab was a Ransomware-as-a-Service (RaaS) emerged in January 28, 2018, managed by a criminal organization known to be confident and vocal, while running a rapidly evolving ransomware campaign. Through their aggressive, albeit unusual, marketing strategies and constant recruitment of affiliates, they were able to globally distribute a high volume of their malware.
In a surprising announcement on May 31, 2019, the GandCrab’s operators posted on a dark web forum, announced the end of a little more than a year of ransomware operations, citing staggering profit figures. However, If there’s one thing that sets these threat actors apart from other groups, it is that they are unpredictable; so there is always the possibility that they might re-surface in one form or another.
Linked Threat Actors
Last 7 days
| Date | C2 Hosts |
|---|---|
| Mar 10, 2026 | 2 |
Further Reading
After operating for about 18 months, the RaaS gang operating under the name GandCrab has announced it has cashed out of the game and has retired. GandCrab’s operators posted a message on a dark ...
A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition across five continents involving law enforcement and private partners, including T...
Ransomware as a service (RaaS) equips prospective attackers, even those who possess minimal technical skills and knowledge, with the ammunition they need to launch attacks. This in turn helps ranso...
This paper examines the GandCrab ransomware, the biggest Ransomware-as-a-Service (RaaS) threat seen in 2018 and the first half of 2019. Through technical analysis, several mistakes and indicators w...
The GandCrab ransomware was active from January 2018 to May 2019. During its active state, numerous variants were distributed worldwide, causing much damage. This report examines the battle that we...