GandCrab is a notorious ransomware that made global rounds during its heydey. Any device can be quickly overtaken, locked and at the mercy of the attacker. Make sure you’re equipped with this GandCrab 5.2 removal guide in preparation for future threats.
Here’s a quick history and evolution of how GandCrab came to be.
In January of 2018, GandCrab was discovered and put on the earliest RaaS, or ransomware as a service system.
The earliest version of GandCrab was found by David Montenegro, a security researcher. GandCrab infected more than 50,000 devices by encrypting the user’s files with a unique key, then dropping ransom notes on how the victims could get their data back. The ransom was often in cryptocurrency, with DASH and Bitcoin being the most common ones.
On March 5th of the same year, the second version of GandCrab was seen. The new script had a new extension, .CRAB and a newer, more sophisticated algorithm that rendered decryptors useless.
The third version of the GandCrab ransomware was spotted on April, then on May 9. The most notable change was that the attacker could display wallpapers that contained messages and ransom notes. Moreover, it gave a psychological edge that the attacker could take control of the device anytime he or she wishes.
Version 4 appeared in July 2018 with the extension changed to .KRAB. Unsuspecting victims quickly had their devices infected and threatened with loss or exposure of invaluable data.
The fifth version of GandCrab had many options of entry, including posing as a fake update, a phishing email, exploit kits and the like. By now the world was ready and had the weapons to combat and eliminate the ransomware. As the 5.1 version was decrypted, attackers retaliated with the V5.2 version, undetectable to most scanning tools and anti-ransomware systems.