GandCrab ransomware was first spotted in January 2018. This ransomware is usually propagated via malspam emails with the help of RIG exploit kit and GrandSoft exploit kit. This ransomware appends .GDCB to the names of the encrypted files.
Distribution via malspam
In February 2018, researchers observed a malspam campaign disguised as receipts distributing the GandCrab ransomware.
Distribution via EI Test Hoefler Text scam
Researchers observed a Hoefler Text update scam, wherein attackers leveraged the EI Test to distribute the GandCrab ransomware.
Version 2, 3, 4 released
A new version of GandCrab v2 was released in March 2018. The next month, another version GandCrab v3 was released, followed by the 4th version in July 2018. GandCrab v2 encrypts files and appends the .CRAB extension to the filenames, while the GandCrab v4 appends the .KRAB extension to the filenames.
Decryptor tools released for GandCrab
In February 2018, Bitdefender released the first free decryptor tool which was used by almost 2,000 home users, companies and non-profits to retrieve their compromised data. Ten months later, Bitdefender released another decryptor for GandCrab versions 1, 4 and 5 up to v5.0.3.
In February 2019, Bitdefender in collaboration with the Romanian Police, Europol, and other law enforcement agencies, has released a new decryptor for GandCrab ransomware version v5.1.
However, attackers have released a new variant of GandCrab v5.2 the same month.
GandCrab v5.2 attacks
Since the release of GandCrab v5.2 in February 2019, it has been used in a couple of attacks.
This shows the extent to which threat actors can go to perpetrate large scale attacks by continuously improving GandCrab ransomware.