diff --git a/modules/signatures/windows/ransomware_fileextensions.py b/modules/signatures/windows/ransomware_fileextensions.py
index 3cbf58a82..39c00e9f1 100644
--- a/modules/signatures/windows/ransomware_fileextensions.py
+++ b/modules/signatures/windows/ransomware_fileextensions.py
@@ -73,6 +73,8 @@ class RansomwareExtensions(Signature):
 (".*\.Venus(f|p)$", ["VenusLocker"]),
 (".*\.(?:WNCRY|WNCRYT|WCRY)$", ["WannaCry"]),
 (".*\.wflx$", ["WildFire-Locker"]),
+ (".*\.KRAB$", ["GandCrab v4"]),
+ (".*\.CRAB$", ["GandCrab v2"]),
 ]
 def on_complete(self):
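Review bot: The `.CRAB` entry is labelled `GandCrab v2` only, but public reporting also ties that extension to GandCrab v3, so a version-pinned family string can mislead whoever triages the match; since the value is already a list, something like `(".*\.CRAB$", ["GandCrab v2", "GandCrab v3"]),` may fit, depending on how the consumer reads it. Both new patterns are also non-raw strings containing `\.`, which Python 3.6+ reports as an invalid escape sequence; writing them as `r".*\.KRAB$"` and `r".*\.CRAB$"` keeps the regex identical and removes the warning (the surrounding context lines have the same issue). Whether matching is case-insensitive is decided by the code that consumes this list, which is outside the hunk, so it is worth confirming that a lowercase `.krab` or `.crab` file name still hits. The list and `on_complete` both continue beyond the hunk.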