File-encrypting ransomware has gone through significant ups and dramatic downs over the past few years. Overshadowed by the influx of malicious cryptocurrency mining applications in late 2017, this area of cybercrime took a nosedive only the most durable strains could survive. A sample called GandCrab made its debut in the midst of this hiatus and became a game changer.
With the first infections documented in January 2018, this lineage quickly gained traction and came to dominate the extortion landscape. Its original variant was crafted competently enough to prevent free decryption, so users who suddenly found their personal files appended with the bizarre .GDCB extension had no way to restore the hostage data other than paying the ransom. Then came editions that blemished files with the .CRAB and .KRAB strings, superseded by a series of the pest’s personas using random victim-specific extensions.