GandCrab Ransomware Crew To Retire After $2 Billion Shakedown Of Victims

It is said that no good deed goes unpunished, but on the flips side, there are bad deeds that get rewarded. So it goes for the hackers responsible for GandCrab, a popular form of ransomware that was sold to clients on the dark web, who are now retiring and going legitimate with their earnings.

The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement."

"We have proven that be doing evil deeds, retribution does not come. We proved that in a year you can earn money for a lifetime. We have proved that it is possible to become number one not in our own words, but in recognition of other people," the hackers wrote in a forum post.

The celebratory retirement post also puts out a request to stop any advertising campaigns for DandCrab, and for its affiliates to stop distributing the ransomware within 20 days. It also instructs current victims to buy a decryption key now, because once DandCrab is pulled from commission, the keys go with it.

According to BleepingComputer, DandCrab exploded in popularity in January 2018, when the hacking group starting promoting its ransomware on the dark web. It filled a void left by TeslaCrypt, CrytpoWall, and other major ransomware campaigns.
While active, the hackers would often taunt and joke with researchers. They would inject "Hello" messages to specific researchers in its ransomware, that those researchers would discover when analyzing DandCrab, and named their command and control servers after popular security outfits.

It was not a laughing matter to the group's victims, however, and the hackers would sometimes be vindictive in their exploits. For example, after AhnLab released a mitigation for GandCrab, the hacking group said it was releasing a zero-day threat for the AhnLab V3 Lite antivirus software.

That is all supposedly behind them now. The group claims it has invested its earnings into various legitimate businesses, both online and in the real world. So in this particular instance, it would appear that crime does in fact pay.