The cyber divisions of law enforcement agencies in Great Britain and Romania have identified one of the operators behind the infamous GandCrab ransomware attack.
The man who has been arrested was an affiliate of the GandCrab developers, responsible for infections and earning a commission on each ransom payment.
The GandCrab ransomware attack was a high-profile cybercrime; the groups behind GandCrab compromised more than 54,000 computers all over the world between 2018 and 2019 and earned $2 billion in ransom payments, at an average of 2.5 million dollars per week.
During the attack, the operators behind GandCrab released multiple versions over 1.6 years of continuous operation, and used various tactics such as malicious spam emails, exploit kits, social engineering methods, and other malware campaigns.
On June 1st last year, the operators behind GandCrab announced that they were shutting down their operation completely after the group personally earned $150 million per year, with all bitcoin converted into cash and used for "white" (legal) business.
In the same month, a decryptor tool was released for the notorious GandCrab ransomware, letting victims unlock files affected by any version of GandCrab.
Department “K” of the Ministry of Internal Affairs, in cooperation with the Cyber Police of Great Britain and Romania, arrested a 31-year-old resident of Gomel, a city in Belarus, who has no previous convictions.
He demanded a ransom of 1200 USD from each infected victim for decrypting their device, and he used the darknet to manage the admin panel and stay anonymous while managing the ransomware botnet that helped spread the ransomware variant to the victims.
The hacker group targeted more than 100 countries and the largest number of victims was identified in India, the USA, Ukraine, Great Britain, Germany, France, Italy, and Russia.
Many victims were infected by GandCrab affiliates, who earned a 60% to 70% commission on the ransom payments they were responsible for.
According to the report from the Ministry of Internal Affairs of Belarus, the Gomel resident was not officially employed. The man earned his living by distributing cryptominers, as well as providing services for writing malicious code to users of criminal forums.
After the GandCrab shutdown, other ransomware such as REvil, or Sodinokibi, took its place and started infecting victims around the world.
Users are advised to read the Anti-ransomware checklist and Ransomware Attack Response Checklist.