
GandCrab retires – two billion USD is enough!


GandCrab shows that behind commodity ransomware lies a completely normal, if illegal, business model. Now that the ransomware has earned about two billion USD, the developers are retreating.

GandCrab's money is laundered and legalized. The developers retire.

We ourselves had incidents of GandCrab in our private and professional lives. The criminals usually found their way to the victims' computers via e-mail. Fake applications or alleged Amazon orders led a large number of people to open the attachments and thus clear the way for the encryption of their own data.

That will soon be over, but not because e-mails carrying ransomware are 100% recognized or because Windows 10 is so secure that an infection no longer works. The attackers are simply not interested in infecting further systems. Sounds paradoxical? It can almost be compared to the successful exit of a startup. 2 billion USD is apparently enough for the ransomware developers.

GandCrab will retire. The official message from a forum (Source: Twitter)

High revenues – despite various decryption tools for GandCrab!

GandCrab is one of the more successful ransomware campaigns. There were several versions and different e-mails. In the end, all campaigns resulted in a ransom being paid for data. And although there are enough decryption tools for several versions of the ransomware, several victims seem to have paid.

The success and story behind GandCrab will inspire more criminals and raise interest in illegal business models. The most successful botnets were, after all, developed by people who were no older than 25 at the time.

At the end of the day, however, some questions remain unanswered. It is known that the Bitcoin wallets on which ransoms are received are monitored by various parties. The attackers (of course) keep to themselves how the laundering and legalization of the money worked out in detail. For many, however, this is the last hurdle.

There are enough technical kits, instructions and templates for ransomware. Nobody has to reinvent the wheel in this area. It just has to work better than all the others. WannaCry, Petya/NotPetya and finally GandCrab are just a few examples.


Vincent Reckendrees

Hello, I am Vincent Reckendrees and I lead the Offensive Services team at AWARE7 GmbH. In my bachelor's and master's studies I specialized in IT security, and I am a BSI-certified IS penetration tester. My passion is reverse engineering, hardware security and web security. As an expert in penetration testing, I find vulnerabilities in systems and networks and use them to simulate realistic cyberattacks and improve security measures. Through reverse engineering I discover flaws and opportunities for improvement in software and hardware. My skills in hardware and web security enable me to protect physical devices and online platforms against a wide range of cyber threats and to ensure their integrity and reliability.