In a press release last week, the Minister of Internal Affairs of Belarus announced the arrest of a 31-year-old man on charges of distributing the GandCrab ransomware.
The man, whose name was not released, was arrested in Gomel, a city in southeastern Belarus near the borders with Russia and Ukraine.
Authorities said the man had no previous convictions but had signed up on a hacking forum to become an affiliate of the GandCrab ransomware operation.
He allegedly rented access to a web panel where he adjusted settings to obtain a custom build of the GandCrab ransomware, which he then sent to other internet users as booby-trapped attachments in spam email.
Victims who opened the files were infected and had their files encrypted, and had to pay a ransom to obtain a decryption app and recover their data.
Suspect made more than 1,000 victims
Belarusian officials said the suspect infected more than 1,000 computers while working as a GandCrab affiliate (also known as a "distributor"). From each victim, the suspect demanded around $1,200, paid in Bitcoin, although officials did not say how many victims paid.
Vladimir Zaitsev, Deputy Head of the High-Tech Crime Department of the Ministry of Internal Affairs, said the suspect infected victims in more than 100 countries, with the most located in India, the US, Ukraine, the UK, Germany, France, Italy, and Russia.
Officials said they received help from law enforcement agencies in the UK and Romania in tracking down and identifying the suspect.
Authorities also said the suspect was unemployed and distributed cryptominers and wrote code for other users on hacking forums.
GandCrab author still at large
The GandCrab ransomware is now defunct. The operation, run as a RaaS (Ransomware-as-a-Service), launched in early 2018, had dozens of affiliates, and shut down in June 2019.
In a post on a hacking forum, the GandCrab team bragged about earning more than $2 billion from their scheme, a claim researchers considered an exaggeration and were never able to verify.
Under the hood, the ransomware was not especially well put together, and flaws in its encryption allowed security researchers to release free decryption utilities on multiple occasions [1, 2, 3, 4]. By June 2019, the service was losing affiliates as distributors moved to other RaaS offerings that had a stronger product and took a smaller cut of their profits.
During its final days, GandCrab affiliates experimented with targeting managed service providers and MySQL servers for more focused intrusions. Today, many security researchers believe the GandCrab authors moved on to create the Sodinokibi (REvil) ransomware.
Belarusian authorities said GandCrab made more than 54,000 victims across the world, including 156 in their country.
The authors of the GandCrab ransomware have not been publicly identified and remain at large.