Alleged GandCrab Distributor Arrested in BelarusCybercriminals could rent GandCrab V5 ransomware.

Authorities Allege He Also Distributed Cryptocurrency Mining Malware

A 31-year-old man who allegedly distributed versions of the GandCrab ransomware has been arrested in Belarus for possession and distribution of malware, according to the country’s Ministry of Internal Affairs.

On July 30, government officials in Belarus announced that the unnamed suspect, who lives in Gomel, was arrested by police in cooperation with the authorities from the U.K. and Romania. Its creators pulled GandCrab ransomware from distribution in 2019 (see: Did GandCrab Gang Fake Its Ransomware Retirement?).

Officials in Belarus note that the suspect appears to have been distributing crypto-miners and programming malicious codes for illegal forums. According to the Ministry of Internal Affairs, the suspect obtained a strain of the Gancrab ransomware by joining a darknet forum and then learned how to operate as a GandCrab affiliate. The creator of the GandCrab malware offered it to others using a ransomware-as-a-service model.

Once the suspect obtained the malware, he sent malicious PDF files through spam emails to victims to infect their systems, authorities allege. The ministry says the suspect charged about $1,200 in cryptocurrency to decrypt each of the infected systems. It asserts that the suspect leased servers to conduct his operation and used the ransomware profits to pay for the facilities.

The hacker allegedly targeted victims in more than 100 countries, including the U.S., U.K., India, Germany, France, Italy, and Russia, says Vladimir Zaitsev, the deputy head of the high-tech crimes department of the Ministry of Internal Affairs.

GandCrab RaaS

GandCrab, discovered in January 2018, opened up a new avenue for criminals interested in launching ransomware attacks. The ransomware-as-a-service offering made it easier for those who lack the skills or resources of more experienced hackers to obtain and use malware (see: Ransomware School: The Rise of GandCrab Disciples).

GandCrab has been one of the most notorious RaaS offerings since it was first spotted targeting South Korean companies. According to previous reports, security experts say the ransomware’s affiliates could sign up to use GandCrab under terms and conditions that included the GandCrab gang getting a 40% cut of all ransoms paid by victims.

GandCrab also served as a launching pad for other ransomware attacks. The ransomware collectives “jsworm” and affiliate “PenLat” later launched the JSworm and Nemty ransomware strains, the New York-based cyber intelligence firm Advanced Intelligence told Information Security Media Group.

The hacking collective known as “truniger” – aka “TeamSnatch” – appeared to learn the RaaS ropes with GandCrab before moving on to take down bigger prey, according to security researchers.

The operators behind GandCrab made an unexpected public announcement in May 2019, saying they would “retire” and claiming their affiliates had earned more than $2 billion in illegal gains over those two years. Once GandCrab left the scene, Sodinokibi became the dominant RaaS player (see: Ransomware: As GandCrab Retires, Sodinokibi Rises).


Nord VPN
60% off Nord VPN
Coinbase - Getty Images - 1234552839
Coinbase – Crypto Currency – Sign up with this link and get $10 free?! Buy/sell/exchange crypto, and use their ATM card to access your cash easily!
Chase Sapphire Preferred - Travel Points
NordPass - Password Manager - CJ Banner
https://www.dpbolvw.net/click-100604079-15345170
Binance Cryptowallet - Buy/Sell
Binance Blockchain
Amazon - Daily Deals
Amazon’s Daily Deals!
Your favorite restaurants are delivered to your front door! Grubhub!
Game Fly
Game Fly Video Game Rentals!

Please enter CoinGecko Free Api Key to get this plugin works.