Categories: Ransomware

Operator Behind the Most Infamous GandCrab Ransomware Arrested in Belarus

Law enforcement agencies from Great Britain and the Romanian cyber division have identified one of the operators behind the infamous GandCrab ransomware attacks.

The man who has been arrested was an affiliate of the GandCrab developers, responsible for infecting victims and earning a commission on each ransom payment.

The GandCrab ransomware campaign was a high-profile cybercrime: the groups behind GandCrab compromised more than 54,000 computers all over the world between 2018 and 2019 and earned $2 billion in ransom payments, an average of $2.5 million per week.

Over 1.6 years of continuous operation, the operators behind GandCrab released multiple versions and distributed the ransomware through various tactics, including malicious spam emails, exploit kits, social engineering methods, and other malware campaigns.

On June 1st of last year, the operators behind GandCrab announced that they were shutting down their operation completely, claiming that the group had personally earned $150 million per year and that all bitcoin had been converted into cash and invested in legitimate businesses.

In the same month, a decryptor tool was released for the notorious GandCrab ransomware, letting victims unlock files encrypted by any version of GandCrab.

Now Operator Arrested in Belarus

Department “K” of the Ministry of Internal Affairs, in cooperation with the cyber police of Great Britain and Romania, arrested a 31-year-old resident of Gomel, a city in Belarus, who has no previous convictions.

He demanded a ransom of 1200 USD from each infected victim to decrypt their device, and he used the darknet to access the admin panel, stay anonymous, and manage the ransomware botnet that spread the ransomware variant to victims.

The hacker group targeted more than 100 countries, and the largest numbers of victims were identified in India, the USA, Ukraine, Great Britain, Germany, France, Italy, and Russia.

Many victims were infected by GandCrab affiliates, who earned a 60% to 70% commission on the ransom payments they were responsible for.

According to the report from the Ministry of Internal Affairs of Belarus, the Gomel resident was not officially employed. The man earned his living by distributing cryptominers and by offering malicious-code-writing services to users of criminal forums.

After the GandCrab shutdown, other ransomware families such as REvil (also known as Sodinokibi) took its place and began infecting victims around the world.

Users are advised to read the Anti-ransomware Checklist and the Ransomware Attack Response Checklist.

Bhuvanesh
