GandCrab is a ransomware family distributed through the RIG exploit kit. On an infected computer, files are encrypted and renamed with a *.GDCB or *.CRAB extension. The malware then drops a CRAB-DECRYPT.txt ransom note instructing the victim to pay $400 to $1,000 in the DASH cryptocurrency to get their data decrypted.
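The indicators above (the appended .GDCB/.CRAB extension and the dropped ransom note) are enough to scope an infection from a plain file listing, which is usually the first thing an incident responder has in hand. The script below is an added example and is not code from the article or from any vendor tool. It assumes GandCrab appends its extension after the original one (so report.docx.CRAB was report.docx), takes CRAB-DECRYPT.txt from the article and adds GDCB-DECRYPT.txt, the note name used by the earlier .GDCB variant, and runs over a constructed sample listing rather than a live filesystem.

```python
"""Scope a suspected GandCrab infection from a file listing.

Added example, not code from the article. Works on a plain list of
paths (e.g. the output of `find` or a forensic file listing) so it runs
offline; SAMPLE_LISTING below is constructed for illustration only.
"""
from collections import defaultdict
import posixpath

# Extensions GandCrab appended to encrypted files (both named in the article).
ENCRYPTED_SUFFIXES = (".GDCB", ".CRAB")
# Ransom note names: CRAB-DECRYPT.txt is named in the article;
# GDCB-DECRYPT.txt is the note of the earlier .GDCB variant (added here).
RANSOM_NOTES = {"CRAB-DECRYPT.txt", "GDCB-DECRYPT.txt"}

# Constructed sample listing, not data from a real incident.
SAMPLE_LISTING = [
    "/srv/share/finance/Q1-report.xlsx.CRAB",
    "/srv/share/finance/budget.docx.CRAB",
    "/srv/share/finance/CRAB-DECRYPT.txt",
    "/srv/share/hr/contracts.pdf.GDCB",
    "/srv/share/hr/GDCB-DECRYPT.txt",
    "/srv/share/hr/readme.txt",
    "/srv/share/public/logo.png",
    "/srv/share/public/CRAB-DECRYPT.txt",
    "/srv/share/it/tools.zip",
]


def classify(path):
    """Return ('note' | 'encrypted' | 'other', original_name_or_None)."""
    name = posixpath.basename(path)
    if name in RANSOM_NOTES:
        return "note", None
    for suffix in ENCRYPTED_SUFFIXES:
        if name.upper().endswith(suffix):
            # The extension is appended after the original one, so stripping
            # it recovers the pre-encryption filename for the recovery list.
            return "encrypted", name[: -len(suffix)]
    return "other", None


def triage(paths):
    """Group a listing by directory and summarise the encryption impact."""
    dirs = defaultdict(
        lambda: {"encrypted": 0, "untouched": 0, "note": False, "samples": []}
    )
    by_suffix = defaultdict(int)
    for path in paths:
        kind, original = classify(path)
        entry = dirs[posixpath.dirname(path)]
        if kind == "note":
            entry["note"] = True
        elif kind == "encrypted":
            entry["encrypted"] += 1
            by_suffix[posixpath.splitext(path)[1].upper()] += 1
            if len(entry["samples"]) < 3:
                entry["samples"].append(original)
        else:
            entry["untouched"] += 1
    hit = {d: v for d, v in dirs.items() if v["encrypted"] or v["note"]}
    return {
        "encrypted_total": sum(v["encrypted"] for v in dirs.values()),
        "by_suffix": dict(by_suffix),
        "hit_dirs": hit,
        # A note with nothing encrypted beside it means either the files were
        # already cleaned up or the listing is incomplete; both deserve a look.
        "note_only_dirs": sorted(
            d for d, v in hit.items() if v["note"] and not v["encrypted"]
        ),
    }


def report(paths):
    """Print a short human-readable triage summary."""
    result = triage(paths)
    print(f"encrypted files: {result['encrypted_total']} {result['by_suffix']}")
    for d, v in sorted(result["hit_dirs"].items()):
        flag = "note" if v["note"] else "no note"
        print(f"  {d}: {v['encrypted']} encrypted, {v['untouched']} untouched, {flag}")
    if result["note_only_dirs"]:
        print("note but no encrypted files:", ", ".join(result["note_only_dirs"]))
    return result


if __name__ == "__main__":
    report(SAMPLE_LISTING)
```

On a real case, feed it the output of a recursive listing taken from a forensic image or a read-only mount rather than walking the live host, and note that later GandCrab versions switched to random extensions, so the two suffixes above only cover the variants the article describes.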
After nearly a year and a half of wreaking havoc, the people behind the GandCrab ransomware have announced its shutdown and urged their "affiliates" to stop distributing it.
Arriving to fill the sizeable gap left in the ransomware world after large operations such as TeslaCrypt, CryptoWall and Spora shut down, GandCrab made its debut on January 28, 2018, and grew rapidly as its operators began advertising the service on underground dark-web forums.
Since then, GandCrab has been one of the dominant names in ransomware and a constant worry for networked computer systems around the world. It is no exaggeration to say that it was the most prominent ransomware operation globally for more than a year. Its activity has only begun to show signs of cooling in the past few months, after its operators had pocketed a considerable sum.
According to Damian and David Montenegro, two experienced security researchers who have tracked GandCrab's activity since the malware first appeared, the operators posted on Exploit.in, a forum devoted to hacking and malware, that they are winding GandCrab down completely in the near future.
In a screenshot Damian provided to the technology news site BleepingComputer, the people behind GandCrab claim to have collected more than $2 billion in ransom payments from victims, an average of about $2.5 million a week. Of that, they say $150 million has been cashed out and "laundered" through investments in legitimate projects and businesses.
In the same announcement, the GandCrab authors said they have stopped promoting the ransomware, asked affiliates to stop distributing it within 20 days, and requested that all related forum threads be removed by the end of the month.
The attackers also issued a "last" warning to victims still reluctant to pay: they must pay for the decryption of their data now, because the decryption keys will be deleted at the end of the month, after which the encrypted data will be lost for good. This may simply be a final attempt to extract money, and one can hope that the GandCrab developers will follow "the tradition of other major ransomware operations and release the decryption key before officially shutting down."
Historically, large ransomware operations have repeatedly emerged to fill the gap left when an earlier one shut down. It should therefore not be surprising to see another ransomware operation spring up soon after GandCrab's disappearance, especially given the parting "note" the people behind the malware left:
“We have proven that by doing evil deeds, retribution does not come.”
(Interpretation: we have shown that you can rest assured and do whatever you want, however bad or illegal, because cause and effect are not real.)
Well, if this really is a smooth retreat for GandCrab, after causing losses that by their own claim run to more than $2 billion worldwide, they have earned the right to gloat with that statement!
Huge amount of money was pocketed
It is true that the people behind GandCrab may have made a great deal of money, but there is no guarantee they made as much as they claim. The $2 billion figure will certainly need to be verified.
Such "bold" statements are not at all surprising, because the GandCrab developers have always been jokers, and that has drawn the attention of security researchers around the world in a way few other malware developers have managed.
By peppering their malware with mockery, jokes and references to organisations and well-known security researchers, the people behind GandCrab have made it clear that they keep as close an eye on the experts as the experts keep on them, and that attention seems to have "inspired" the attackers.
For example, in the first release of the GandCrab ransomware, the developers chose domain names for their command-and-control (C2) servers based on the organisations and websites that were researching, or were most interested in, the ransomware, as a "challenge" to them, including:
They have also regularly sent "cordial greetings" to the security researchers who follow their ransomware most closely.
This is not, however, a harmless game of hide and seek. The people behind GandCrab have also retaliated against security teams. After AhnLab released a "vaccine" application for GandCrab, the attackers promptly contacted BleepingComputer to disclose that they had released a zero-day targeting AhnLab's V3 Lite antivirus product, a decidedly heavy-handed response.
GandCrab's antics, and its success, drew a great deal of attention from Exploit.in members, who greeted the news of the shutdown with mixed feelings.
While GandCrab's antics may be amusing in some situations, the loss, trouble and even suffering it inflicted on its victims, who may have lost their work and in some cases a lifetime's business, are not. In the end, the shutdown of GandCrab, or of any other ransomware, is a good thing for everyone.