GandCrab Cybergang Hacker is Arrested, But Malware Attacks Continue
Earlier this month a hacker behind the famous GandCrab ransomware was arrested in Eastern Europe. He was accused of distributing ransomware demanding up to $1,500 in bitcoin from each victim and of extorting more than 1,000 victims around the world. According to authorities, he was affiliated with a cybercrime gang called GandCrab.
The arrest comes more than a year after GandCrab's creators announced their ‘retirement’, although a more dangerous ransomware strain called ‘REvil’, which seems to share similar code and architects, has since taken its place. The arrest of a single individual who is an architect of the malware can bring a cybercrime operation to a standstill. But because these groups are fluid and hackers move around chasing payoffs, the individuals behind GandCrab and REvil likely remain at large.
GandCrab first became public in early 2018. The ransomware targets Microsoft Windows devices and encrypts users’ files. It then demands bitcoin payments in exchange for decryption tools to recover the lost files. The ransomware infected approximately 1.5 million users worldwide. The GandCrab hackers themselves have bragged of walking away with over $2 billion in ransom payouts. Very little is known about the cybercriminal group, except that it probably originated in the former Soviet Union.
GandCrab operated on a Ransomware-as-a-Service model. Because the GandCrab distribution model was a service for hire, identifying the hackers behind these campaigns is extremely difficult. The group sold access to the ransomware to clients, who proceeded to create new portals in order to conduct their own cybercrime campaigns. Europol’s No More Ransom project continues to develop decryption tools for each new version of the ransomware, but keeping up with the GandCrab cybercriminals turned out to be a difficult task.
The arrest of hackers is always welcome news, but only time will tell whether they are put behind bars for their crimes. Unfortunately, there are no free decryptor tools currently available to help users. Security experts recommend reinstalling the current operating system with the latest security updates and restoring files from backups. Paying the ransom is not usually recommended, as there is no guarantee that the hackers will decrypt your files after payment.