In early 2018, experts at cyber security firm LMNTRIX discovered a new ransomware-as-a-service dubbed GandCrab, advertised in a Russian hacking community on the dark web. Researchers noticed that its authors leveraged the RIG and GrandSoft exploit kits to distribute the malware.
Over more than a year its operators released several versions with numerous enhancements, but now they are shutting down their operation, and affiliates are being told to stop distributing the ransomware.
In October 2018, experts at the Cybaze Z-Lab analyzed one of the latest iterations of the infamous GandCrab.
According to security researchers Damian and David Montenegro, who have followed the evolution of GandCrab since its appearance, the GandCrab operators announced their decision to shut down their operation in a post on popular hacking forums.
The operators revealed that they have generated more than $2 billion in ransom payments, earning on average $2.5 million per week. They also revealed that they earned a net of $150 million, which they have now invested in legal activities.
However, experts believe that the claims of $2 billion are not real. Below is an excerpt from a post published by Bleeping Computer:
“While the operators behind GandCrab most likely made many millions of dollars, the claims of $2 billion in ransom payments are very likely to be untrue.”
The operators will no longer promote the GandCrab ransomware and have asked the affiliates to stop distributing it within 20 days.
They are also warning victims that time is running out and that they have to pay the ransom as soon as possible to avoid losing their files forever.
It is not clear whether the operators will release the keys after they go out of business.
(SecurityAffairs – GandCrab ransomware, malware)