Formally attributedUnknown

GandCrab

Russian-speaking ransomware group that pioneered the RaaS affiliate model, claiming $2 billion in ransoms before shutting down in 2019. Predecessor to REvil, run by the same operators under UNKN alias.

Compare attribution across sources →

Attribution signal

?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low

0.8

Low signal strength

Mentions1

Sources1

High conf.1

Last seenMay 2026

First observed

—

Last active

—

Origin

Russia

Aliases

Techniques

Campaigns

Russia

RegionsGlobal

Attribution signals

1 mention · 1 source

#1high

HUMINT

krebs

May 2026