GandCrab Ransomware: Shield Your Business from the Escalating Cyber Threat

The Escalating Menace of GandCrab Ransomware

In the ever-evolving landscape of cyber threats, ransomware attacks have become increasingly sophisticated and damaging. Among these, GandCrab Ransomware has emerged as a significant concern. In 2020, Belarusian law enforcement apprehended a 31-year-old man, alleged to be the mastermind behind GandCrab, which had extorted over 1000 victims between 2017 and 2018. This cybercriminal exploited the untraceable nature of cryptocurrency transactions, demanding Bitcoin payments ranging from $400 to $1500.

Global Reach and Cybercriminal Endeavors

The impact of the GandCrab hacker extended far beyond Belarus, with systems infected in the US, UK, Ukraine, France, Italy, and Russia. Authorities suspect this individual to be a career cybercriminal, earning his entire income through hacking. Notably, he not only deployed GandCrab Ransomware but also created and sold malware on underground forums, contributing to the global cybercrime ecosystem.

Decoding GandCrab Ransomware

The internet has facilitated the creation of various “as-a-Service” products, such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). The hacker community has also adopted this model, with underground forums trading hacking tools and credentials. GandCrab operates within this framework as Ransomware-as-a-Service (RaaS), eliminating the need for users to develop their own hacking tools.

GandCrab operators handle most of the work, charging fees typically around 30%, similar to the commissions taken by Apple and Google in their SaaS marketplaces. The authors of GandCrab shut down their RaaS offering in 2019, boasting that their affiliates had earned over $2 billion, with hundreds of millions going to the operators themselves.

The Evolution of Ransomware: REvil and MAZE

Security experts believe that the GandCrab hackers did not retire but instead continued to develop more devastating ransomware services. Traditional ransomware encrypted files, attacking data availability; companies with strong backups could ignore the extortion demand and simply restore their files. Experts therefore suggest that the GandCrab authors retired it in order to build a new ransomware operation aimed at data confidentiality instead.

Sophos, a leading cybersecurity firm, argues that the GandCrab authors developed and released REvil Ransomware, which threatens to auction personal information about celebrities and popular organizations. Similarly, MAZE ransomware exfiltrates a company’s critical data and threatens to publish it on the public internet. These attacks represent a significant escalation in the threat to companies, because backups alone are no longer a sufficient mitigating control once the data has been stolen.

Safeguarding Your Business from Ransomware

The most effective defense against cybersecurity threats is educating your staff and clients to improve their awareness. According to Lucy Security CEO Colin Bastable, “All the security technology in the world is not going to protect against determined attackers. 97% of losses stem from socially-engineered attacks, and over 90% are initiated by email.”

Given these statistics, the first step in securing your business is to train your users. Ransomware attacks are growing in frequency, sophistication, and impact, forcing more organizations to pay the ransom. As long as businesses keep paying, hackers will continue developing more devastating attacks.

Additional Protective Measures

In addition to awareness training, consider the following actions to protect your business and reduce the chances of falling victim to ransomware attacks:

  • Adopt two-factor authentication on all critical internet-facing services.
  • Follow the 3-2-1 backup method for securing all your critical and sensitive data.
  • Phish test employees to keep them vigilant about inspecting every email.
  • Have a documented and tested Business Continuity and Disaster Recovery (BCDR) plan.
  • Govern employees with cybersecurity policies.