January 2021
BCS365 Cyber Security Team, @BCS365IT

How was a single ransomware operation able to make so much money, and so many victims?

$2 Billion.

It's January of 2018.

Users around the world begin receiving seemingly harmless email messages.

These were simple messages, one variation containing updated instructions, seemingly from inside the company, on how to leave the building in case of fire or disaster.

(Real Message)

The nature of the message encouraged users to open the attached Word document and enable macros to see the supposed map.

Once opened, the ransomware quietly installed itself and started to prepare for its next phase of attack: encrypting files in the background.

Once all files were encrypted, the attack began.

Users were locked out and shown the ransom message.

In October of 2018, there was a surprising development.

The criminals behind GandCrab made the news for showing a sliver of empathy for a section of their victims.

Following a tweet from a distraught Syrian man, the extortionists released a decrypting file that could be used by everyone, adding that they should have excluded Syria from the list of targeted countries in the first place.

This was not the end of GandCrab.

A new, more sophisticated variation was released.

And in a matter of months, GandCrab had become one of the most prolific ransomware operations in history.

As of June 2019, the group had claimed to have extorted over $2 billion out of users and businesses.

One of the main reasons why GandCrab was able to make so much money is that it was developed as a Ransomware-as-a-Service (RaaS) operation.

A relatively recent phenomenon, RaaS allows anyone with an internet connection, regardless of their technical literacy, to purchase powerful ransomware via the Dark Web and carry out devastating encryption attacks against the targets of their choice.

In fact, ransomware attacks like GandCrab are also being deployed from within.


The creators behind GandCrab continue to be defiant.

In a message posted in a well-known hacking forum, they said:

"We have proved that by doing evil deeds, retribution does not come."

"We successfully cashed this money and legalized it in various spheres of white business both in real life and on the internet."



Too many small and medium-sized businesses think they're not going to be targeted.

The numbers tell a different story.

91% of ransomware attacks suffered by small businesses start via email.

Cyber Security strategy is business strategy.

Prepare for the when, not the if.

Learn more at bcs365.com/security