Authors of GandCrab Ransomware Terminating their Operations after Making $2 Billion in Ransom Payments



The operators of Gandcrab ransomware are continuously maintaining and developing the ransomware and have released five different variants with no major difference between any two versions and the ransomware is known to be extra secured as it uses the “.bit” top-level domain which is not sanctioned by ICANN.

Gandcrab was distributed via various vectors that include exploit kits, spam mail, affiliated malware campaign and other social engineering methods. Along with plenty of malicious spam emails, attackers resort to ‘GrandSoft’ and ‘RIG’, two of the most popular exploit kits in order to distribute GandCrab. These spam emails are configured to befool users and make them download a script which further will download the ransomware and execute it.

Researchers have found that Gandcrab authors have made over $2billion from ransom payments, averaging around 2.5 million dollars per week. As per the observations made by David Montenegro and Damian, the owners of the ransomware told that they are to put their operations to an end now, after earning huge chunks of money (more than 150 million dollars a year) and cashing it out through legitimate sources.

The operators have discontinued the promotions of the ransomware and asked the concerned affiliates to terminate the distribution of the ransomware within the next 20 days. They have also asked the victims to pay the ransom; otherwise, the key will be deleted. However, it’s still a matter of question that whether the keys will be released after the authors shut down their operations.

Although, ransomware has been a constant threat in the field of cybersecurity for a long time but now it’s even deadlier due to the efforts invested by the threat actors in its development. Users are advised to stay equipped with products like ‘Acronis True Image 2019’ in order to stay protected against such ransomware attacks.



Category: / / /

Share this with Your friends: