GandCrab may have been beaten for good. Cyber security experts share a free new decryption tool for the latest version of the ransomware family on NoMoreRansom
GandCrab has been beaten, perhaps for good. According to Europol, on 17 June a new decryption tool for the latest version of the most prolific cybercrime ransomware family was released free of charge on www.nomoreransom.org. The tool allows victims of the malware to regain access to the information encrypted by the hackers without having to pay the demanded ransom. It was released in partnership with law enforcement agencies and cyber security experts from Austria (Bundeskriminalamt – BMI), Belgium (Federal Computer Crime Unit), Bulgaria (General Directorate Combating Organized Crime – Cybercrime Department), France (Police Judiciaire de Paris – Befti), the Netherlands (High Tech Crime Unit), Romania (DIICOT), the United Kingdom (NCA and Metropolitan Police), the United States (FBI) and Europol and its Joint Cybercrime Action Taskforce (J-CAT), together with the private partner Bitdefender.
The cybercrime operators recently announced they would close the malware operation at the end of the month
The decryption tool counters GandCrab versions 1 and 4 and versions 5 to 5.2, which are the latest to be used by cybercriminals. Previous decryptors for the ransomware helped more than 30,000 victims recover their data and save roughly $50 million in unpaid ransoms. Most importantly, the joint efforts have weakened the operators' position on the market and have led to the demise and shutdown of the operation by law enforcement. This was a global law enforcement effort supported by Bitdefender and McAfee. Moreover, the malware operators recently announced its closure at the end of the month. Officially, the reason is the huge profits they have made. Cyber security experts, instead, believe that the cyber criminals did it to avoid the risk of being caught, and that sooner or later they will probably spread new malicious code with the same goal.