GandCrab ransomware stops working after earning 2 billion dollars

After a year and a half of devastation, the people behind the GandCrab ransomware have announced that it will stop operating, and at the same time urged their “branches” to stop distributing it.

The latest major ransomware after CTB Locker and WannaCry, GandCrab first appeared on 28th January 2018 and spread rapidly, while hackers also distributed it on the dark web. Since then, GandCrab has dominated, hitting computer networks all over the world, including in Vietnam.

How dangerous is GandCrab?

GandCrab is a type of ransomware spread through the RIG exploit kit. Once it gets into a system, it encrypts data into “*.GDCB” or “*.CRAB” files, leaving the data unusable. While encrypting, the ransomware creates a file named CRAB-DECRYPT.txt and demands that users pay a ransom of $400 to $1,000 in DASH.

To decrypt data, victims have to create a Tor website and follow the instructions. The site states that decryption requires a single key, which is stored on a remote server controlled by GandCrab’s developers. Unfortunately, this information is absolutely true, and there is not yet any tool that can restore files encrypted by GandCrab.
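
Added example (not part of the original article): a defender-side triage script that takes a file listing from a suspect host and reports which directories show the indicators described in this section, namely the “*.GDCB” / “*.CRAB” extensions and the CRAB-DECRYPT.txt note. The function names and the sample paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the article text; matching is case-insensitive.
ENCRYPTED_EXTS = {".gdcb", ".crab"}
RANSOM_NOTE = "crab-decrypt.txt"


def triage(paths):
    """Group a file listing by directory and count GandCrab indicators."""
    dirs = defaultdict(lambda: {"encrypted": 0, "other": 0, "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = dirs[str(p.parent)]
        if p.name.lower() == RANSOM_NOTE:
            entry["note"] = True
        elif p.suffix.lower() in ENCRYPTED_EXTS:
            entry["encrypted"] += 1
        else:
            entry["other"] += 1  # files that still look intact
    return dict(dirs)


def affected(report):
    """Directories with a ransom note or encrypted files, worst first."""
    hits = [(d, e) for d, e in report.items() if e["note"] or e["encrypted"]]
    return sorted(hits, key=lambda kv: (-kv[1]["encrypted"], kv[0]))


# Constructed sample listing (hypothetical paths, e.g. saved from `dir /s /b`).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.CRAB",
    r"C:\Users\alice\Documents\notes.docx.crab",
    r"C:\Users\alice\Documents\CRAB-DECRYPT.txt",
    r"C:\Users\alice\Pictures\cat.jpg.GDCB",
    r"C:\Users\alice\Pictures\dog.jpg",
    r"C:\Users\bob\Desktop\report.pdf",
    r"D:\backup\crab.txt",  # name contains "crab" but is not an indicator
]

if __name__ == "__main__":
    for directory, e in affected(triage(SAMPLE)):
        print(f"{directory}: {e['encrypted']} encrypted, "
              f"{e['other']} intact, ransom note={e['note']}")
```

Directories that still contain intact files next to encrypted ones are worth prioritizing for isolation and backup comparison.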

GandCrab stops working after making a lot of money

Security researchers Damian and David Montenegro, who tracked GandCrab’s activities, report that GandCrab’s hackers posted on a forum specializing in hacking and malware that they are going to deactivate GandCrab completely, step by step.


GandCrab’s developers announced on the forum 

According to the post, GandCrab’s developers had made a total of over 2 billion dollars from this ransomware through victims’ ransom payments. On average GandCrab makes about 2.5 million dollars a week, and 150 million dollars of that was cashed out and paid for the project.

They also mention the shutdown of the ransomware, asking the “branches” to stop spreading it within the next 20 days and, at the same time, to delete all related data at the end of the month.

In addition, the attackers did not forget to send a last notice to victims who have not yet paid the ransom: if they want their important data back, they have to hurry, since the decryption keys will also disappear at the end of the month, meaning all victims’ data will be lost forever.

If this really is GandCrab’s withdrawal, then after it has caused damage of over 2 billion dollars globally, it is still a good thing for mankind. However, many companies suffered a great deal when their data was taken by this ransomware.

Nevertheless, the history of network security has seen many cases in which a new large-scale ransomware replaces an earlier one that has stopped operating. This suggests that in the near future, once GandCrab has stopped working, it is very possible that another ransomware will rise and threaten organizations and companies around the world with more dangerous and sophisticated methods of attack.

Ransomware is by nature malware that causes a lot of damage, so securing company data is both important and necessary. First of all, companies need to equip their staff with basic knowledge of network security and stay highly alert to hackers’ attacks. In addition, the best protection against malware is to make effective use of a security system that prevents sophisticated attacks by hackers.