Delaware, USA – June 3, 2019 – Having appeared at the beginning of last year, the Ransomware-as-a-Service platform GandCrab quickly gained popularity and became a leader in the number of “customers”. According to the adversaries’ post on the popular underground forum Exploit.in, over the sixteen months victims paid about $2 billion to decrypt their data, and the creators of the malware earned about 150 million in commissions, which they successfully cashed out and invested in “various spheres of white business both in real life and on the Internet.” The platform is now due to shut down in about three weeks. The adversaries warn that all decryption keys will be deleted; this is probably meant to push those who are still hesitating to pay the ransom while it is still possible.
Clients of the platform were informed of the imminent shutdown of the service in advance, which is perhaps why attacks with GandCrab ransomware have recently declined. If there is a gap, something will fill it. It is assumed that other malware authors will soon offer something to replace the retired leader. Moreover, just a few months ago there was already an attempt to lure away some of the clients of the GandCrab platform. In addition, exploit kits that previously distributed this strain have switched to distributing other ransomware. For example, Fallout EK has been observed distributing the new version of Maze ransomware, which determines the type of infected machine and changes the ransom amount depending on it. The number of attacks on organizations and the average ransom payment also continue to grow. To detect such attacks before the files are encrypted, you can use the Ransomware Hunter rule pack available in Threat Detection Marketplace: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight