Cybersecurity Awareness
- - - Live Hacking Event
    - Experience how attackers proceed, attack companies and steal data. We show you realistically how a cyber attack works. Entertaining, individual and exciting.
- - - Managed Phishing Simulation
    - We carry out individual or continuous phishing simulations together with you. Automatic, event-driven or recurring – we adapt to your wishes and requirements.
Offensive Security
- - - Penetration test
    - We attack systems within the scope of application in an organized and systematic manner and inform you immediately about high and critical security gaps. We then support you in eliminating the security gaps.
- - - Vulnerability scan
    - We use established tools to quickly and efficiently find out which systems are vulnerable, either internally or externally. We filter and check the results and support you in remedying them.
- - - 360° SME analysis
    - For small and medium-sized companies, we offer a cost-effective package that gives you an overview of the vulnerability of your internal and external infrastructure.
Consulting
- - - ISMS Consulting
    - We support you in setting up and expanding your information security management system (ISMS) and, if required, help you to achieve ISO 27001 certification.
- - - External (Chief) Information Security Officer
    - By appointing an information security officer, you fulfill requirements, have a single point of contact and are able to implement measures professionally and appropriately.
Ressources
- - - Blog
    - Read our free IT security blog and find out about news, vulnerabilities and threats.
  - - Success stories
    - Find out more about the projects we have completed for a wide range of clients.
- - - Media package
    - Whether logo, colors or images. Download our materials now free of charge to promote your event.

GandCrab retires – two billion USD is enough!

06/06/2024

GandCrab retires – two billion USD is enough!

It shows that behind a ransom commodity like GandCrab lies a completely normal, illegal business model. After the Ransomware has earned about two billion USD, the developers retreat.

GandCrab’s money is washed and legalized. Developers retire.

We ourselves had incidents of GandCrab in our private and professional lives. The criminals usually found their way to the victims’ computers via e-mail. False applications or alleged Amazon orders caused a large number of people to open the attachments and thus clear the way for encryption of their own data.

But that will soon be over. But not because e-mails with ransomware are 100% recognized or Windows 10 is so secure that an infection no longer works – no. The attackers are simply not interested in further infected systems. Sounds paradoxical? But it can almost be compared to a successful exit of a startup. 2 billion USD is apparently enough for the Ransomware developers.

GandCrab will retire — GandCrab will retire. The official message from a Forum (Source: Twitter)

High revenues – despite various decryption tools for GandCrab!

GandCrab is part of a more successful Ransomware campaign. There were several versions and different emails. In the end, all campaigns resulted in a ransom being paid for data. And although there are enough decryption tools for several versions of the ransomware, several victims seem to have paid.

The success and story behind GandCrab will inspire more criminals and interest in illegal business models. The most successful botnets were eventually developed by people who were no older than 25 years at the time of impact.

At the end of the day, however, some questions remain unanswered. It is known that Bitcoin Wallets, on which ransoms are received, are observed by various sources. The attackers (of course) keep to themselves how the clean-up and legalization of the money worked out in detail. For many, however, this is the last hurdle.

There are enough technical kits, instructions and templates for Ransomware. Nobody has to reinvent the wheel in this area. It just has to work better than all the others. WannaCry, Petya/NotPetcya and finally GandCrab are just a few examples.

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.

AWARE7 GmbH

Munscheidstr. 14
45886 Gelsenkirchen

Tel. +49 (0) 209 - 8830 6760

Fax. +49 (0) 209 - 8830 6769

Mail info@aware7.de

Opening hours
Monday - Friday
8:00 - 17:00

COMPANY

Code of Conduct

AWARENESS

Live Hacking Show

Managed Phishing Simulation

RESOURCES

IT-Security Blog

Success Stories

OFFENSIVE SERVICES

Penetration test

Vulnerability scan

IT security emergency

360° SME analysis

CONTACT

Call for proposal (CfP)

CONSULTING

ISMS consulting

External information security officer

Imprint Privacy policy