Operator Behind the Most Infamous GandCrab Ransomware Arrested in Belarus

Law enforcement agencies from Great Britain and Romania Cyber division have identified one of the operators behind the infamous GandCrab Ransomware attack.

The Man who has been arrested was an affiliate with GandCrab developers and responsible for the infection and earning commission for each ransom payments.

GandCrab ransomware attack was a high profile cybercrime, and the groups behind the GandCrab have compromised more than 54,000 infected computers all over the world between 2018-2019 and earned $2 billion in ransom payments at an average of 2.5 million dollars per week.

During the Attack, Operators behind the GandCrab has released multiple version between the 1.6 years of continuous operation and various tactics such as malicious spam emails, exploit kits, social engineering methods, and other malware campaigns used for the attack.

Last Year June 1st, Operators behind the GandCrab has announced to shut down their operation completely after the group personally earned $150 million per year, and all bitcoin has been converted into cash and used it for white business.

Also the same month, the Decryptor tool was released for the notorious GandCrab ransomware let victim’s to unlock the files infected with any version of GandCrab.

Now Operator Arrested in Belarus

Department “K” of the Ministry of Internal Affairs, in cooperation with the Cyber ​​Police of Great Britain and Romania, arrested the 31-year-old resident of Gomel, a city in Belarus and he doesn’t have any previous convictions.

He has demanded the ransom of 1200 USD from each infected victim for decrypting their device, and he used the darknet to managing the admin panel and stay anonymous and managing the ransomware botnet that helps to spread the ransom variant tot he victims.

The hacker group targeted more than 100 countries and the largest number of victims was identified in India, the USA, Ukraine, Great Britain, Germany, France, Italy, and Russia.

There are many victims who have been infected by GandCrab affiliates who have earned 60% to 70% commission for the ransom payments they are responsible for.

According to the Ministry of Internal Affairs, Belarus report, It is known that the Gomel resident was not officially employed. The man earned his living by distributing cryptominers, as well as providing services for writing malicious code to users of criminal forums.

After the GandCrab Shutdown, other ransomware such as  REvil, or Sodinokibi have take place and started infecting victims around the world.

Users are advised to read the Anti-ransomware checklist and Ransomware Attack Response Checklist

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.