If you were a victim of GandCrab ransomware – and reports say many people were last year – don’t read this.
It will make your blood boil.
Security journalist Brian Krebs reports that he did some online digging and figured out who might be behind the sales of the very successful global strain of ransomware. He points to a 28-year-old Russian fishing enthusiast from Magnitogorsk in southern Russia.
Beginning in January 2018, GandCrab’s creators shipped five major revisions to the code, each corresponding with new features and bug fixes aimed at thwarting the efforts of computer security firms trying to stop the spread of the malware, Krebs said.
The malware was sold on the Dark Web to affiliates for their use.
Krebs said he was able to trace Dark Web GandCrab accounts back to an Igor Prokopenko. Krebs says some accounts shared a phone number – and a password – used on Prokopenko’s Vkontakte account. Vkontakte is a Russian type of Facebook.
(Interestingly, Krebs accuses Prokopenko of using the same weak, guessable password – his birthdate – repeatedly to set up accounts.)
For the record: Krebs says Prokopenko told him “Hey. You’re wrong. I’m not doing this.”
The hacker(s) behind GandCrab ransomware announced May 31 that they were shutting down sales of the malware.
“We are getting a well-deserved retirement,” a statement Krebs attributed to them said. “We are living proof that you can do evil and get off scot-free. We have proved that one can make a lifetime of money in one year.”
A lifetime of money was defined elsewhere as $150 million for the GandCrab creator(s), and more than $2 billion in paid ransoms.
Krebs said Kaspersky Lab estimated GandCrab accounted for approximately half the global ransomware market when it shut down.