Ransomware School: The Rise of GandCrab Disciples
The highly successful GandCrab ransomware-as-a-service (RaaS) platform that retired over the summer, turned the ransomware market from a loose collection of private and silent developers into a lively underground community, a new report by AdvIntel shows.
“Before GandCrab, traditional ransomware teams, run by Russian-speaking hackers, were acting privately, silently and avoided underground forums,” the researchers say. However, that all changed when GandCrab entered the scene last year. “GandCrab developed its own charity campaigns and micro-loan partnerships across forums, while community members were devoting poetry to the group and referenced it during forum discussions of relationships and romance,” the report states. By actively recruiting affiliates, GandCrab not only created a vast network of threat actors, but also offered newcomers a way to improve their malware knowledge and skills, which boosted the emergence of other ransomware and malware collectives, including Sodinokibi, which is currently the most popular RaaS offering.