Belarusian Authorities Arrest a GandCrab Ransomware Distributor
On May 31, 2019, the creators of the GandCrab ransomware announced their retirement. In a post published on a hacking forum, they bragged extensively about how much money they and their clients had made and claimed that they were 'a living proof' that evil-doers can get away scot-free. Now, fourteen months later, Belarusian authorities have living proof of their own, which shows that things don't always end so well for cybercriminals.
A GandCrab distributor ends up with handcuffs around his wrists
In a press release from last week, the Eastern European country's Ministry of Internal Affairs announced that after cooperating with cybercrime-fighting units in the UK and Romania, it had managed to track down and arrest a man involved with the GandCrab ransomware. The 31-year-old unemployed individual lived in a town called Gomel, and he earned a living primarily by distributing cryptocurrency miners and offering malware-writing services to fellow cybercriminals.
The Belarusian law enforcement agencies believe that between 2017 and 2018, the arrested man infected more than 1 thousand computers with the GandCrab ransomware. The victims were spread all around the world, and they were told that if they wanted their data back, they would need to pay a ransom of about $1,200. The number of users who complied with his demands remains unknown.
The GandCrab developers are still at large
GandCrab was a Ransomware-as-a-Service business. The authors didn't run the operation themselves and instead gave samples to distributors in exchange for a share of the profits. The handcuffed Belarusian cybercriminal is one of the distributors.
As we mentioned already, the GandCrab authors are pretty sure that they will manage to get away without paying for the havoc they wrought, and it must be said that law enforcement agencies have yet to knock on their door. Cybersecurity reporter Brian Krebs, however, has done what he can to ensure that the criminals get paid a visit. Last year, after a lengthy investigation, he published the names of the people who he thinks ran the GandCrab service.
Krebs' report shows that the GandCrab hackers might not be so invincible after all, and the fact that one of their clients is now in custody could be worrying them as well. The Belarusian cybercriminal will probably be willing to trade any information he has on the ransomware authors in exchange for a decent settlement deal, and although it's difficult to say how useful he will be exactly, he might just help the police confirm or dispel Brian Krebs' findings.