GandCrab V3 Ransomware is another generation of high-risk GandCrab virus, that uses AES-256 (CBC-mode) + RSA-2048 encryption algorithms. This version also appends .CRAB extensions to all encrypted files. GandCrab V3 creates similar CRAB-DECRYPT.txt file with changed ransom note. Unlike previous versions GandCrab V3 Ransomware uses carder.bit as a server and Psi-Plus Jabber for communication. It also modifies desktop background with unpleasant inscription. Ransomware restarts the computer after encryption is finished, and creates autorun key in the registry to run on Windows startup and attack newly created files. Ransom amount is ~$1000 and can be paid in Dash or BitCoin. Virus creates counter and deadline after which ransom amount can double.
GandCrab2 Ransomware is a virus, that uses AES (CBC-mode) algorithm to encrypt user files. During the process ransomware adds .CRAB extension to encrypted files. Following successful encryption, GandCrab2 creates CRAB-DECRYPT.txt file. Unfortunately, due to using TOR payment pages, NameCoin servers and cryptocurrency, there is no way to track the hackers, unless they make a mistake. Decryption key of previous version of GandCrab became public due to data leakage from their servers. GandCrab2 Ransomware asks 0.5 – 0.8 Dash (cryptocurrency) , which is less then before, however it still can estimate from several hundreds to more than thousand dollars.
GandCrab Ransomware is file encrypting virus, that uses AES-256 (CBC-mode) encryption algorithm to encode user files. It affects documents, media files, databases – the most important data for users. During encryption process ransomware appends .GDCB extension to encrypted files. After it finishes GDCB-DECRYPT.txt is created. GandCrab Ransomware targets 64-bit systems in Western Europe and South Korea. Its developers demand 1.5 – 2 Dash (cryptocurrency) which estimates in more than $1100. GandCrab checks the system for the presence of .exe files of antiviruses from the popular vendors, and won’t run on the computers with such security software or will attempt to disable it.