GandCrab ransomware shuts down after netting authors billions

The operators behind the GandCrab ransomware have introduced that they’re closing up store after nearly a yr and a half through which they claimed to have earned $2bn from ransom funds.

GandCrab rose in reputation amongst cybercriminals after the operators started to market their providers on underground prison websites in January of 2018. Since then, its creators have grow to be a number of the most dominant actors within the ransomware area.

News that GandCrab is shutting down got here from safety researchers Damian and David Montenegro who’ve intently adopted the exploits of the ransomware on the underground hacking and malware discussion board It was there that they found a put up from the GandCrab operators through which they stated they’re shutting down their operation.

In the put up, the operators stated that the ransomware has earned over $2bn with common weekly funds of $2.5m whereas they personally earned over 150m. The GandCrab operators went on to elucidate their future plans, saying:

“We are leaving for a well-deserved retirement. We have proven that by doing evil deeds, retribution does not come. We proved in a year you can earn money for a lifetime. We have proved that it is possible to become number one not in our own words, but in recognition of other people.”


In the announcement, the operators additionally stated that they’ve stopped selling the ransomware whereas requesting that associates cease distributing it inside 20 days. Additionally, their discussion board put up is scheduled to be deleted on the finish of the month.

The operators even inspired victims to pay for decryption now as their keys shall be deleted on the finish of the month. Hopefully although, they launch the keys as soon as they shut down as different massive ransomware operations have carried out previously.

GandCrab’s operators have at all times operated a bit otherwise than their counterparts although, utilizing taunts, jokes and references to organizations and researchers of their code. Another such instance is the truth that the operators determined to make use of domains for his or her Command & Control servers which have been primarily based on organizations and web sites recognized for ransomware analysis.

While it’s excellent news that GandCrab is lastly shutting down, cybercriminals are possible working proper now to fill the hole it is going to depart within the ransomware area.

Via Bleeping Computer