GandCrab Ransomware Operation to Retire by July 2019
Jessica Williams | Last Updated:
As of today, the world is short one ransomware operation. The team behind the malicious GandCrab Ransomware operation has formally stated that the service is coming to a close by the end of this month. Without a doubt, this is some incredible-yet-troublesome news.
The worst news being that the GandCrab operation has now provided its founders with enough stolen cash for them and their team to retire the program and move on.
As you’d expect, this could potentially mean hundreds of thousands or even millions of dollars have been scammed by the company since its launch — though the founders boldly claim that they’ve scammed over $2 billion from victims of the software.
How GandCrab Worked
For those interested in how GandCrab successfully stole an alleged $2 billion from unsuspecting victims, we have some insight for you below.
The GandCrab ransomware primarily worked as an online service, or RaaS — ransomware as a service — which cybercriminals could use to assist in their own operations. Once the ransomware finds itself on a user’s device, it essentially locks down the device, rendering it unusable until the victim agrees to pay a fee to the ransomware service.
Each time a victim paid the service to unlock their device, GandCrab collected a commission and passed the rest of the fee on to the person or organisation who sent out the ransomware to infect a machine.
Total Commissions and Earnings
One of the most troubling parts of this story is the massive scale at which GandCrab was used to absorb thousands of millions of dollars. The operation reportedly earned a whopping $2.5 million per week, or $150 million a year by merely locking victim’s devices and demanding payments — however, as these numbers can’t be verified, it’s best not to take them too seriously.
Over the past few months, the GandCrab platform began to lose steam as a result of either less RaaS clients or victims simply refusing to pay the ransom.
A ransomware tracking company, ID-Ransomware found that over the past few months, there has been a massive decline in the number of victims reporting GandCrab as their ‘hacker’ or the service that has locked their computers.
One reason for this may have been Bitdefender working on decrypting or ‘cracking’ the GandCrab ransomware — unlocking victim’s devices without them needing to pay a thing. In the past year, Bitdefender has unlocked three devices without losing data or paying the fee, effectively paving the way to making GandCrab useless.
How to help Protect Yourself
If you’ve stayed up to date with the news, you’ll know that ransomware attacks are on the rise and becoming more severe and hard to crack for cyber-security firms. In 2017, the WannaCry attack brought down entire private and government organisations, including the UK’s whole National Health Service.
The good news is that a majority of ransomware attacks only affect older devices and ageing operating systems. Both Windows and Apple are on top of their device updates and are routinely issuing security updates to fight back against ransomware attacks.
Although a VPN cannot prevent ALL forms ransomware attack on your device, it does make your device less of a target to cybercriminals. In fact, a common method by which ransomware attacks occur is when a target tries to connect to public wifi hotspot that has been compromised by a ransomware hacker. This is where a VPN connection can really save the day. With a vpn connection, your communications are routed via a secure military-grade encrypted tunnel direct to the website you are trying to access. Your data is unable to be read (i.e decrypted) by a hacker, which ultimately means that your device is not able to be compromised with a ransomware attack. In this way you are protected from hackers who may be trying to infect your device (laptop, iphone, android device, etc) via a public wifi hotspot connection.
As we can see, the rise and fall of ransomware is nowhere near over, and it’s in all of our reader’s best interests to install an anti-virus program and pair that service with a trustworthy VPN such as ExpressVPN, NordVPN or [link_cyberghost].