Belarus authorities announced that they have arrested an individual who operated the infamous GandCrab ransomware.
Through the Ministry of Internal Affairs, Belarusian police stated that the 31-year-old suspect was connected to the GandCrab ransomware-as-a-service program, which is known to have caused massive economic losses globally.
A rough English translation of a press release by local law enforcement highlighted the significance of the arrest in the wider fight against organized cybercrime. Reportedly, Office ‘K’ of the country’s Ministry of Internal Affairs collaborated with British and Romanian cyber police in identifying the affiliate member of a global hacker group.
The official statement referred to the well-known ransomware, which reportedly infected 54,000 computer systems across the globe – 165 of them owned by Belarusians.
While commenting on the incident, the deputy head of the High-Tech Crime Department of the Ministry of Internal Affairs asserted that the unnamed hacker lacked a prior criminal record. Nonetheless, the Gomel resident carried out attacks against more than 1,000 computers and placed a $1,200 ransom for each case.
Vladimir Zaitsev, the Ministry of Internal Affairs official, went on to say that the alleged hacker used the darknet to conduct his illicit activities, relying on its anonymity to manage the ransomware botnet. The suspect’s long evasion of the police was attributed to keeping his activity on the dark web, including access to the botnet’s admin panel.
Further, according to Zaitsev, some of the profits amassed from the ransomware operation were sent to the administrators of the server he leased. Investigative reports indicate that the hacker’s targets were located in various countries, including India, the U.S., Ukraine, the UK, Germany, France, Italy and Russia.
Just recently, Europol released a press statement reporting the achievements of the international anti-cybercrime initiative No More Ransom, whose decryption tools, according to the European law enforcement agency, had saved ransomware victims an estimated $632 million.
To highlight how significant GandCrab is, the cybersecurity firm Bitdefender reported that GandCrab decryptors accounted for 12 percent of Europol’s figure.
Since its creation in 2018, GandCrab grew quickly to become the hackers’ favorite tool for affiliate-based ransomware. Experts believe that the ransomware is anchored in Russian cyberspace and is administered by operators and affiliates keen to fleece vulnerable victims across the planet.
Importantly, cybersecurity reports indicate that GandCrab follows a strict standard of operation that excludes targets in Russian-speaking nations and destinations affected by steep market economics.
The popularity this ransomware gained among hackers made it one of the world’s most widespread ransomware families in less than a year since its inception – it represented half of all ransomware infections in the world.
In terms of product differentiation, cyber analysts note that a notable advantage of GandCrab lies in its ransomware-as-a-service licensing model, which towers over competing tools.
The licensing model works by enabling an interaction between the ransomware developer and distributors for the benefit of all parties. GandCrab distributors buy and spread the malware across various spaces, thereafter splitting decryption fees with the developer.
The affiliate distributors keep 60 percent of the proceeds, while the original developers are paid the rest. Such a model ensures that all threat actors contribute to the system sustainably – developers concentrate on product improvement while the distributors work to exploit target victims.
Further, GandCrab boasts a chat service designed to host discussions between victims and affiliate distributors – normally used by the parties to negotiate discounts, extend payment deadlines ad hoc and provide guidance on converting fiat currency to cryptocurrency.