The cybersecurity researcher bl4ckh0l3z: it steals a lot of information. The malware is part of the ongoing Domestic Kitten internal operation.
Bleeping Computer: GandCrab is closing. The ransomware authors claim to have personally earned $150 million. The malware operation will be stopped by the end of the month.
The GandCrab cybercrime group is shutting down its operations, as reported by Bleeping Computer. According to the cyber security researchers Damian and David Montenegro, who have been following the exploits of the ransomware on the underground hacking forum Exploit.in, the malware operators have posted that they are shutting down their activity. In the post they explain that they have generated more than $2 billion in ransom payments, with average weekly payments of $2.5 million. They go on to say they have personally earned $150 million, which they have cashed out and invested in legal business entities. The malicious actors have therefore asked their affiliates to stop distributing the ransomware within 20 days, and asked for their forum topic to be deleted at the end of the month. Furthermore, they urge victims to pay the ransom now, because the decryption keys will be deleted at the end of the month.
The cyber security experts: the developers improved GandCrab many times and hit many targets worldwide, including in Italy. But the amount of profit claimed looks impossible.
GandCrab hit a lot of targets worldwide, including in Italy, and was also used in sextortion campaigns. Since last year there have been many phishing campaigns spreading the ransomware with different baits. Furthermore, the malware has been improved many times to counter the efforts of cyber security experts and antivirus vendors to block it. Until now it has earned its developers a lot of money, though the huge amount of money claimed by its creators seems impossible. According to Bleeping Computer, in fact, the developers of GandCrab have always been jokesters and have engaged security researchers with taunts, jokes, and references to organizations and researchers in their code. For example, in the first release of the malware they used domain names for their Command & Control (C2) servers based on organizations and sites known for ransomware research: from bleepingcomputer to nomoreransom, passing through eset and emsisoft.