Eastern Europe, Russian Federation
GandCrab, REvil, Sodinokibi, GOLD GARDEN, GOLD SOUTHFIELD
Pinchy Spider is a criminal group behind the development and operation of the ransomware named REvil (aka Sodinokibi) that was brought into operation at the beginning of April 2019.
Pinchy Spider sells access to their ransomware under a partnership program with a limited number of accounts, a model often referred to as Ransomware-as-a-Service (RaaS). The criminal actor was first known as the developer of the ransomware GandCrab, which was active between January 2018 and the end of May 2019.
Samples of REvil were first identified in early April 2019, while GandCrab remained active. Analysis by CrowdStrike Intelligence identified several overlaps in code—as well as Tactics, Techniques, and Procedures (TTPs)—that confirm a link between the GandCrab and REvil operations, including RC4 string decryption, information gathering, command-and-control (C2) techniques, and file encryption. CrowdStrike Intelligence has attributed the operation of REvil to Pinchy Spider, a group formed of some individuals who operated the now-defunct GandCrab and new individuals from a former GandCrab affiliate network.
GandCrab first emerged at the end of January 2018. It is one of the first known ransomware families to accept the DASH cryptocurrency and to use .bit, the Namecoin cryptocurrency's TLD, which acts as an alternative, decentralized domain name system.
On 31 May 2019, Pinchy Spider stated in a forum post that they were retiring from operations and that the GandCrab partnership program was being closed down. The actor requested no further distribution campaigns and gave members of the partner program 28 days to monetize any remaining infections.
- Use of RC4 for string decryption
- Enumeration of keyboard layout lists for locale verification
- Enumeration and termination of processes associated with ransomware-targeted files
- Enumeration of the domain name to check for the RU TLD, to prevent encryption of Russian companies
Trinidad and Tobago
United Arab Emirates
- Consulting & Professional Services
- Consumer Goods
- Food and Beverage
- Industrials and Engineering
- NGOs and Nonprofits
- Real Estate
- State & Municipal Government
CrowdStrike Pinchy Spider