GandCrab ransomware: They say they are retiring

It seems that the developers of the GandCrab malware are retiring and discontinuing the ransomware. Along with that, the first figures have become known about the payments the victims are said to have made.


Ransomware Trojan GandCrab

The GandCrab trojan is ransomware that has been widely distributed in email campaigns in recent weeks. Cyber criminals try to deliver the GandCrab trojan to their victims via fake job application e-mails. If a victim falls for it, the GandCrab ransomware encrypts all data on the infected computer and replaces the desktop background with a message containing the ransom demand.

(Source: Pexels Markus Spiske CC0 Licence)

Only if the victim pays the ransom does he get a key to decrypt his data. It was known that the backers of the campaigns were successful and infected many computers.

Income of the cyber criminals

But it was unclear how much money the blackmailers were able to take in. There are also decryption tools for older versions of the ransomware. So I was surprised to see the following tweet from Kevin Beaumont.


He posted a text excerpt from a forum. There, the backers announced that they are withdrawing, and they published some figures. They write:

All good things come to an end

We are leaving for a well-deserved retirement

That sounds like a final withdrawal from the business. Allegedly, more than 2 billion US dollars have been raised by all parties involved. The developers themselves claim to have earned 150 million US dollars a year. The money has now been laundered and legalized, so this would be the time to retire.

GandCrab victims should know this

For victims of the GandCrab ransomware, this announcement has a special significance. The point of paying the ransom is to obtain a key that gets your data back.

As it looks, the infrastructure for GandCrab will be shut down, which is how I interpret the forum entry. The GandCrab backers write that the keys for recovering the files will be deleted when they close up shop. Anyone who pays the ransom after that will still not be able to access their data.

