Operator Behind The Most Infamous and Deadliest GandCrab Ransomware Arrested in Belarus

The operator behind the GandCrab ransomware was recently arrested in Belarus. According to reports, law enforcement in Romania and the UK identified the threat actor.

Officials of the Belarusian internal ministry have not released all the official details, though they mentioned that the threat actor lives in Gomel, a city in southeastern Belarus, and affirmed that the individual is in his 30s.


GandCrab is ransomware that encrypts victims' files and then demands a ransom, after which the victims can regain access to their data. GandCrab usually targets businesses and organizations whose PCs run Microsoft Windows.

GandCrab operates as an affiliate business: it offers a popular service known as Ransomware-as-a-business (RaaS), in which low-level cybercriminals do the heavy lifting and find victims in different countries.

GandCrab Affected More Than 100 Countries

The threat actors behind GandCrab encrypted computers in nearly 100 different countries. The threat actor demanded an amount equal to 1.2 thousand US dollars for decrypting all the encrypted files.

The entire admin panel was managed from the darknet, which helped the threat actor stay anonymous for a long time. The threat actor attacked victims all over the world, and the largest numbers of victims were in the USA, Ukraine, India, Great Britain, Italy, Russia, Germany, and France.

The researchers said it is not yet clear how much money the hackers stole, but they confirmed that the hackers might have taken a lump sum of money from the victims.

Security researchers said that GandCrab shut down its operation on June 1st, 2019, after generating more than $2 billion in ransom. The attackers also managed to earn more than $150 million as their personal profit.

GandCrab shared a post stating that they would receive 60% of the first three ransom payments they are liable for, and that after the third payment their share would start from 70%. The attackers terminated the GandCrab ransomware after getting the desired ransom amount from their victims.

Apart from this, the FBI is still investigating the matter. It has released the encryption keys for this ransomware but has not revealed how it obtained them. The FBI said that it would go through every detail of this ransomware and soon reveal the key details publicly.

Users are advised to read the Anti-ransomware Checklist and the Ransomware Attack Response Checklist.
