Criminals Retire Profitable Ransomware Variant GandCrab

$2B Later – GandCrab is Going Dark

The creators of GandCrab are informing all of their affiliates and victims that the ransomware will be retired in the next 20 days. Along with that, all of their victims’ decryption keys will be deleted. By creating a sense of urgency for victims, this may lead to a final payday for the hackers.

Below is the announcement, as retrieved by security researchers:


Now, one may ask: if a security researcher can obtain this, what can be done to prosecute the criminals? Unfortunately, it isn’t that easy. With the anonymity features of the dark web, as well as the additional measures hackers take to stay hidden, finding them is no easy feat. This is no secret, considering the hacker included the following quote in their message above:

“We have proven that by doing evil deeds, retribution does not come.”

That comment in itself is incredibly powerful, and true. Cyber criminals are continuing to spread attacks without consequence. This raises the question: what can users do? If attacks happen, our first response is typically to notify the authorities. With cyber attacks, however, that leads nowhere.

To properly mitigate the risk of becoming their next victim, users are encouraged to do the following:

  • Complete cyber security training and learn what red flags to look out for.
  • Enable a security solution that uses application whitelisting, so that only known-trusted programs can execute.
  • Ensure all third-party applications are updated, including your security solution.
  • Update your operating system to the most recent version.
  • Think before you click. Check the “from” and “reply to” addresses within the email, hover over links before clicking them to see where they will send you, and do not open attachments if you question the authenticity of the email.

If you do fall victim to a cyber attack, you should still contact the authorities, as well as your security solution provider.


2 thoughts on “Criminals Retire Profitable Ransomware Variant GandCrab”

  1. And I suppose you know which country houses the final server in the malware distribution chain? And that it doesn’t change over time?
