After just over a year and a half of activity, the GandCrab ransomware is loosening its grip: its operators have announced their intention to retire (or to devote themselves to the next threat). First identified by Bitdefender researchers on January 28, 2018, it hit about 1.5 million victims, demanding a ransom from each to get back the files taken hostage.
The GandCrab ransomware loosens its grip
The origin is probably Russian. Its way of working was distinctive, closer to that of a structured company than to the modus operandi of a group of cyber criminals: access to the ransomware was sold on underground markets under a sort of license agreement (ransomware-as-a-service), which required buyers to pay the author an affiliation fee of 40% of the ransom proceeds. The turnover was enormous, estimated by the operators themselves at over 2 billion dollars, with gains averaging more than 2.5 million dollars every week. The author (or authors) claims to have personally pocketed over 150 million dollars, money already laundered and invested in legal businesses, both online and in the real world.
The announcement is the one shown in the screenshot above: affiliates are asked to cease activity within 20 days, and victims are told not to pay the ransom after the deadline, since by then it would in any case be impossible to restore access to the locked files. Fortunately, the No More Ransom website, managed by some companies active in the cybersecurity sector, provides a free tool to get around the obstacle.
This is a screenshot of a system hit by the ransomware, with an explicit payment request for $9,700, to be made in cryptocurrency, either Bitcoin or DASH, all accompanied by images of the character Mr. Krabs from the SpongeBob series. According to studies conducted by Bitdefender, GandCrab affected about 1.5 million devices in a year and a half, in consumer and professional environments alike. The amount requested was not always the same: it ranged from $600 for a single computer to $10,000 for a server, reaching $700,000 in some cases involving enterprises.
The operation was so complex that GandCrab was updated over time with new features and with techniques for evading antivirus detection. A support chat was even set up for victims, so they could ask affiliates for a discount, as the picture above shows.