Wednesday, December 18, 2024
Operator Behind the Most Infamous GandCrab Ransomware Arrested in Belarus

Law enforcement cyber divisions from Great Britain and Romania have identified one of the operators behind the infamous GandCrab ransomware attack.

The man who has been arrested was an affiliate of the GandCrab developers, responsible for infections and earning a commission on each ransom payment.

The GandCrab ransomware attack was a high-profile cybercrime. The groups behind GandCrab compromised more than 54,000 computers all over the world between 2018 and 2019 and earned $2 billion in ransom payments, at an average of 2.5 million dollars per week.

During the attack, the operators behind GandCrab released multiple versions over 1.6 years of continuous operation and used various tactics, such as malicious spam emails, exploit kits, social engineering methods, and other malware campaigns.

On June 1st last year, the operators behind GandCrab announced that they would shut down their operation completely after the group personally earned $150 million per year, with all the bitcoin converted into cash and used for white business.

In the same month, a decryptor tool was released for the notorious GandCrab ransomware, letting victims unlock files infected with any version of GandCrab.

Now Operator Arrested in Belarus

Department “K” of the Ministry of Internal Affairs, in cooperation with the Cyber Police of Great Britain and Romania, arrested a 31-year-old resident of Gomel, a city in Belarus, who has no previous convictions.

He demanded a ransom of 1200 USD from each infected victim for decrypting their device, and he used the darknet to manage the admin panel, stay anonymous, and manage the ransomware botnet that helped spread the ransomware variant to the victims.

The hacker group targeted more than 100 countries and the largest number of victims was identified in India, the USA, Ukraine, Great Britain, Germany, France, Italy, and Russia.

Many victims were infected by GandCrab affiliates, who earned a 60% to 70% commission on the ransom payments they were responsible for.

According to the report from the Ministry of Internal Affairs of Belarus, the Gomel resident was not officially employed. The man earned his living by distributing cryptominers, as well as providing services for writing malicious code to users of criminal forums.

After the GandCrab shutdown, other ransomware such as REvil, or Sodinokibi, has taken its place and started infecting victims around the world.

Users are advised to read the Anti-ransomware checklist and Ransomware Attack Response Checklist.
