3 June 2019

GandCrab crew announced plans to shut down its Ransomware-as-a-Service operation

After almost a year and a half, the creators of the notorious GandCrab ransomware have decided to shut down their operation, and affiliates are being told to stop distributing the ransomware. GandCrab RaaS (Ransomware-as-a-Service) first appeared on the threat landscape in early 2018, when its operators started advertising their services on underground criminal sites.

GandCrab RaaS is an online portal where crooks sign up and, for a fee, get access to custom builds of the malware, which they later distribute through email spam, exploit kits or other methods. Over more than a year, the GandCrab creators released several versions of the malware with various modifications, but it seems they have decided to go out of business, according to several researchers and sources in the malware community.

The plans to cease the operation were announced on a well-known hacking forum, where the GandCrab crew had been marketing its services since 2018. In the posted message, the GandCrab authors claimed that the malware earned them more than $2 billion in ransom payments, generating an average of $2.5 million per week. They said that they have personally earned $150 million, which they have cashed out and invested in legal business activities. However, security researchers have their doubts about the validity of these claims and the exact amount of money earned.

Be that as it may, the GandCrab operators will no longer promote their services and have asked the renters to stop distributing the ransomware within 20 days. The GandCrab RaaS operators have also warned that they are planning to delete all decryption keys and urged all victims to pay for any decryption they need.
