GandCrab Ransomware affiliate program. Greetings, esteemed traffic sellers, spammers, and people who have a regular source of installs. We are glad to offer you a universal solution for converting high-quality installs called GandCrab Ransomware. THE RANSOMWARE: The product is written in C++ and uses WinAPI. The ransomware doesn't have any external dependencies. File size of a non-crypted EXE file: 69 KB. Multithreaded encryption: a separate thread is created for each storage device (FIXED, REMOTE, REMOVABLE). File encryption: over 1,400 masks available (you can add new ones manually using the admin panel). Files are encrypted with the AES algorithms, with a 256-bit key. The key is encrypted using RSA-2048. AES encryption algorithm and CBC operation mode with application of CSPRNG; SSE support (AMD/Intel). The ransomware starts looking for and encrypting new files and removable drives whenever the PC is turned off or rebooted. Point of no return: deletes shadow copies and system restore points. Canary files: bypasses Anti-Ransom solutions that use decoys, so-called "canary files." Protection from anti-virus software: all the traffic between the admin panel and the bot is encrypted. No metadata, no strings in the file. A combination of techniques is used to evade runtime detection. The product doesn't work in RU and in other CIS countries: AM, AZ, BY, GE, KG, KZ, MD, TJ, TM, UA, UZ. The product determines whether to run or not using not only the keyboard layout, but also other parameters. In this way, Chinese servers with a RU keyboard layout will be targeted as well. THE AFFILIATE PROGRAM: User-friendly admin panel is located in TOR (.onion) network. Payouts: your cut is transferred to your Dash eWallet. Detailed information about each object, option to choose selected bots. Manual calibration: you can select the ransom amount for different countries, selected bots, encryption masks. All these settings are customized on your side. A landing page for a victim is located in TOR (.onion) network, however it is also available from a regular Web-browser. This approach significantly increases the amount of payouts. Test decryption of one file to demonstrate that decryption is possible on a landing page. Ticket system for communication with each victim, explanation of the procedure and other assistance. A decryption tool and instructions for it are issued automatically after the payment on the landing page. If the victim fails to pay by the due date, the ransom amount gets doubled automatically. The developers focused on: 1. Performance. 2. Reliability. 3. Flexible settings. As RaaS (Ransomware-As-Service), we provide the following services: 1. Polymorphic automatic crypting of files to each affiliate. 2. Support and update of the product. 3. Technical support. TERMS AND CONDITIONS OF THE AFFILIATE PROGRAM: 1. We work under 60/40 profit share. Major partners get an opportunity to increase their share up to 70%. 2. We accept installs on compromised computers and obtained from spam or high-quality convertible traffic from exchange services* (not interested in mixed world or India). 3. We can refuse partnership without any explanation. 4. Free support between the AP representatives and administrators || Victims and the AP representatives (ticket). 5. We do not provide exploit kits or other methods for procuring loads. *exchange services can be discussed privately. 1. It is prohibited to upload the EXE file to untrustworthy antivirus scanners (those that share malware samples with anti-virus laboratories). 2. It is prohibited to work in the CIS countries (AM, AZ, BY, GE, KG, KZ, MD, RU, TJ, TM, UA, UZ). 3. It is prohibited to publish the link to the admin panel in the ONION network. 4. It is prohibited to give access to your personal account to third parties. Accounts that belong to violators of these terms and conditions will be deleted without any further payouts. Attention! We will be recruiting a limited amount of affiliates and stop the recruitment until more spots are available. Please PM your requests adding description of sources and amount of daily loads/traffic. --- Best regards, GandCrab team.