After almost a year and a half the creators of the notorious GandCrab ransomware decided to shut down their operation and affiliates are being told to stop distributing the ransomware. GandCrab RaaS (Ransomware-as-a-Service) first appeared on the threat landscape in early 2018 when its operators started advertising their services on underground criminal sites.
GandCrab RaaS is an online portal where crooks sign up and for a fee get access to custom builds of the malware, which they later distribute through email spam, exploit kits or using other methods. In more than one year GandCrab creators released several versions of the malware with various modifications, but it seems that they decided to go out of business, according to the several researchers and sources in the malware community.
The plans to cease the operation were announced on a well known hacking forum, where GandCrab crew was marketing their services since 2018. In the posted message the GandCrab authors revealed that the malware earned them more than $2 billion in ransom payments, generating on average of $2.5 million dollars per week. They said that they have personally earned $150 million, which they have cashed out and invested in legal business activities. However, the security researchers have their doubts about the validity of these claims and the exact amount of earned money.
Be that as it may, the GandCrab operators will no longer promote their services and asked the renters to stop distributing the ransomware within 20 days. The GandCrab RaaS operators have also warned that they planning to delete all decryption keys and urged all the victims to pay for needed decryption.