GandCrab ransomware operators are shutting down


The creators of the GandCrab ransomware are shutting down their Ransomware-as-a-Service (RaaS) operation. The GandCrab RaaS is an online portal where criminals sign up and pay to get custom builds of the GandCrab ransomware, which they then distribute via email spam, exploit kits, and other channels.

When an infected user makes the ransom payment, the original GandCrab author gets a small commission, and the remaining money goes to the criminal who distributed the ransomware.

The GandCrab RaaS operator announced their plans to shut down through an official thread on a well-known hacking forum, where the GandCrab RaaS has advertised its service since January 2018, when it formally launched.

The GandCrab authors claimed that their ransomware has earned more than $2 billion in ransom payments, with the operators making roughly $2.5 million per week and $150 million per year.

According to the GandCrab crew, they have successfully cashed out that money and legalized it through various "white" businesses, both in real life and on the Internet. All the renters of the GandCrab ransomware were asked to wind up their operations and cash out within the next month.

The forum thread also contains a threatening message for GandCrab victims: the operators are planning to delete all decryption keys, which would make it impossible for infected victims to recover their files.

Usually, when ransomware operations shut down, they release the victim decryption keys for free so that users can recover their data. This has happened for victims of ransomware such as TeslaCrypt, XData, Crysis, and FilesLocker.

A chart shared by Michael Gillespie, the creator of ID-Ransomware, a service that lets ransomware victims identify the type of ransomware that has infected their systems, shows a steady decline in GandCrab activity this month. GandCrab was losing customers even before the shutdown announcement.

The GandCrab ransomware family was one of the most active ransomware threats of the past year. The ransomware has had several updates and is presently at version 5.2.

Cyber-security firm Bitdefender released GandCrab decryptors three times over the past year. These apps allowed victims to recover encrypted files without making the ransom payment.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
