  • GandCrab, which is provided as ransomware-as-a-service, is expected to shut down operations by next month.
  • The ransomware is said to have had at least five variants since its inception last year.

The infamous GandCrab ransomware might soon come to an end. In an announcement posted on a hacking forum, the creators of this formidable malware spoke of their decision to stop its services in the near future. In addition, they have asked affiliates to stop spreading the ransomware within 20 days and have suggested that victims buy decryption keys immediately.

GandCrab originated a year ago on January 28, 2018, and remains one of the most active ransomware families deployed in cyberattacks. It is distributed using spam emails, exploit kits (Grandsoft and RIG) and other malware. The creators also marketed it as ‘ransomware-as-a-service’ (RaaS) on dark web forums.

The big picture

  • According to an image of the message sent by researcher Damian to BleepingComputer, the creators boast of ransom payments made to the tune of $2 billion, with a weekly earning of $2.5 million. They also mention that they personally made $150 million from ransomware campaigns.
  • The creators give ‘leaving for a well-deserved retirement’ as the reason for stopping GandCrab operations.
  • In closing, the message asks affiliates to stop distributing GandCrab within 20 days and monetize their campaigns. Furthermore, it asks victims to buy decryption keys immediately and warns that the keys will be deleted soon.

Worth noting

With GandCrab’s developers ending operations and planning to delete encryption keys, researchers opine that the announcement might be a tactic to scare victims. “Some of the security researchers we approached have told ZDNet this could be a ploy to make victims panic and pay the ransom demand. However, they shifted their views when they learned that GandCrab RaaS customers were also told to wind down operations,” ZDNet reported.

Overall, GandCrab’s activities coming to an end might actually be a good thing for businesses and individuals, as the ransomware has caused a significant loss of resources for everyone involved.

Cyware Publisher