The creators of the GandCrab ransomware are shutting down their Ransomware-as-a-Service (RaaS) operation. The GandCrab RaaS is an online portal where criminals sign up and pay to get custom builds of the GandCrab ransomware, which they then distribute via email spam, exploit kits, etc.
When an infected user makes the ransom payment, the original GandCrab author gets a small commission, and the remaining money goes to the criminal who distributed the ransomware.
The GandCrab RaaS operator announced their plans to shut down through an official thread on a well-known hacking forum, where the GandCrab RaaS has advertised its service since January 2018, when it formally launched.
The GandCrab authors claimed that their ransomware has earned more than $2 billion in ransom payments, with the operators making roughly $2.5 million per week and $150 million per year.
According to the GandCrab crew, they have successfully cashed out that money and legalized it in various "white" businesses, both in real life and on the Internet. All renters of the GandCrab ransomware were asked to wind up their operations and cash out within the next month.
The forum thread also contains a threatening message for GandCrab victims: the operators are planning to delete all decryption keys, which would make it impossible for infected victims to recover their files.
Usually, when ransomware operations shut down, they release the victims' decryption keys for free so that users can recover their data. This has happened for victims of ransomware such as TeslaCrypt, XData, Crysis, and FilesLocker.
A chart shared by Michael Gillespie, the creator of ID-Ransomware, a service that lets ransomware victims identify the type of ransomware that has infected their systems, shows a steady decline in GandCrab activity this month. GandCrab was losing customers even before the shutdown announcement.
The GandCrab ransomware family was one of the most active ransomware threats of the past year. The ransomware has had several updates and is presently at version 5.2.
Cyber-security firm Bitdefender released GandCrab decryptors three times over the past year. These apps allowed victims to recover encrypted files without making the ransom payment.