Ransomware
GandCrab
aka GDCB
An aggressively marketed ransomware-as-a-service that dominated 2018–2019 before its operators retired, claiming over $2 billion in ransoms.
GandCrab was a defining ransomware-as-a-service of 2018–2019, run by the Pinchy Spider crew with a slick affiliate program and near-constant version updates to stay ahead of decryptors. At its peak it accounted for a large share of all ransomware infections.
Cat-and-mouse
Researchers (Bitdefender, Europol, and others) repeatedly released free decryptors via No More Ransom, forcing GandCrab into rapid iteration through v1–v5. The operators treated it as a public sparring match.
"Retirement"
In mid-2019 the crew announced they were retiring, claiming to have extorted over $2 billion. Code and personnel overlaps strongly link GandCrab to REvil. History is tracked on Cyber Breaches; a version diff lives on the Reverse Engineering Hub.
Defense
Patch the software that exploit kits target, harden RDP, and keep offline backups.