January 2021 BCS365 Cyber Security Team, @BCS365IT
How was a single ransomware operation able to make so much money — and so many victims?
$2 Billion.
It's January of 2018.
Users around the world begin receiving seemingly harmless email messages.
These were simple messages, one variation containing updated instructions — seemingly from inside the company — on how to leave the building in case of fire or disaster.
(Real Message)
The nature of the message encouraged users to open the attached Word document and enable macros to see the supposed map.
Once opened, the ransomware quietly installed itself and started to prepare for its next phase of attack: encrypting files in the background.
Once all files were encrypted, the attack began.
Users were locked out and shown the ransom message.
In October of 2018, there was a surprising development.
The criminals behind GandCrab made the news for showing a sliver of empathy for a section of its victims.
Following a tweet from a distraught Syrian man, the extortionists released a decrypting file that could be used by everyone, adding that they should have excluded Syria from the list of targeted countries in the first place.
This was not the end of GandCrab.
A new, more sophisticated variation was released.
And in a matter of months, GandCrab had become one of the most prolific ransomware operations in history.
As of June 2019, the group had claimed to have extorted over $2 billion out of users and businesses.
One of the main reasons why GandCrab was able to make so much money is that it was developed as an RaaS (Ransomware-as-a-Service) operation.
A relatively recent phenomenon, RaaS allows anyone with an internet connection — regardless of their technical literacy — to purchase powerful ransomware via the Dark Web and carry out devastating encryption attacks against the targets of their choice.
In fact, ransomware attacks like GandCrab are also being deployed from within.
Meanwhile, the creators behind GandCrab continue to be defiant.
In a message posted in a well-known hacking forum, they said:
We have proved that by doing evil deeds, retribution does not come.
We successfully cashed this money and legalized it in various spheres of white business both in real life and on the internet.