GandCrab operators are shutting down their operations

Pierluigi Paganini June 01, 2019

GandCrab first appeared in the threat landscape in early 2018 and continuously evolved over time. Now operators are shutting down their operations.

In early 2018, experts at cyber security firm LMNTRIX discovered a new ransomware-as-a-service dubbed GandCrab, advertised in a Russian hacking community on the dark web. Researchers noticed that its authors leveraged the RIG and GrandSoft exploit kits to distribute the malware.

Over more than a year, its operators released several versions with numerous enhancements, but now they are shutting down their operation, and affiliates are being told to stop distributing the ransomware.

In October 2018, experts at the Cybaze Z-Lab analyzed one of the latest iterations of the infamous GandCrab ransomware, version 5.0.

According to security researchers Damian and David Montenegro, who have followed the evolution of GandCrab since its appearance, the GandCrab operators announced their decision to shut down their operation in a post on popular hacking forums:

https://twitter.com/CryptoInsane/status/1134727041826377729

The operators revealed that they have generated more than $2 billion in ransom payments, earning an average of $2.5 million per week. They also revealed that they earned a net of $150 million, which they have now invested in legal activities.

GandCrab shutdown

However, experts believe that the claims of $2 billion are not real. Below is an excerpt from a post published by Bleeping Computer:

“While the operators behind GandCrab most likely made many millions of dollars, the claims of $2 billion in ransom payments are very likely to be untrue.”

The operators will no longer promote the GandCrab ransomware and have asked affiliates to stop distributing it within 20 days.

They are also warning victims that time is running out and that they have to pay the ransom as soon as possible to avoid losing their files forever.

It is not clear whether the operators will release the keys after they go out of business.

Stay tuned …
