Belarus authorities have announced the arrest of the individual behind GrandCrab ransomware. The infamous ransomware has caused huge losses globally and is hated by many.
The developer behind GrandCrab
Belarus police stated through the Ministry of Internal Affairs that the 31 year old suspect behind the program was arrested. The police stated that the suspect is connected to the ransomware-as-a-service program. The suspects service has been used by many bad actors against companies causing huge economic losses globally.
Local law enforcement issued a press release with a sketchy English translation. The statement highlighted the significance of the arrest in the universal war on cyber-crime. The suspect was tracked down with help from British and Romanian cyber police division.
The official press release recognized the extent of the damage caused by the malware. Over 54,000 computer systems across the glove have been officially affected by the virus with 165 of them located in Belarus.
The head deputy of the cyber-crime police division mentioned a few more details. He stated that the unnamed hacker who had no prior criminal record carried out attacks on more than 1,000 computers. Each infected computer has a $1,200 ransom.
Vladimir Zaitsev, an official from the Ministry of Internal Affairs made a statement. He alleged that the hacker used the dark-net to engage in his illicit activities - often seeking dark-net anonymity in managing the botnet. The reason the suspect was not captured earlier was pointed to the dark-net. Most of the ransomware functions could only be accessed from the dark-net, which is where the botnet's admin panel was located.
According to Zaitsev, a percentage of the profits made from the ransomware were sent out to administrators of the server used by the virus. Investigative reports indicate that the hackers targets were located around the world. Targets were found in India, Russia, Ukraine, Germany, France, Italy and even the United States.
About the GrandCrab
Europol released a press statement in recent weeks. The press statement reported the achievements of the international anti cyber-crime initiative. 'No More Ransom' is a decryption tool which according to European law enforcement helped victims save over $632 million in ransom.
To highlight how significant GrandCrab is, the leading Bitdefender released a report. The leading cybersecurity firm found that 12% of Europols figure accounted for GrandCrab. The suspects behind the attacks could have made over $50 Million if it wasn't for 'No More Ransom'
Since its creation in 2018, GrandCrab has experienced huge growth in the cyber-criminal space. GrandCrab quickly became a favorite tool for cyber-criminals. The already dangerous tool could be used by not that experienced users which made it even more dangerous. Experts say that the ransomware is anchored at the Russian cyberspace. The tool is administered by operators and affiliates trying to make money from vulnerable victims around the globe.
Many cybersecurity reports indicate GrandCrab follows some strict guidelines. The ransomware operations exclude targeting Russian-speaking nations and destinations with unstable economies.
The tool amassed massive popularity in the hacker space. This led it to become one of the world's most widespread ransomware tools in less than a year since its launch.
Cyber analysts found that in terms of product differentiation GrandCrab has a notable advantage. GrandCrabs advantage lies within it's ransomware-as-a-service model that kills other competing tools.
The licensing model enables an interaction between the ransomware developer and distributor. To benefit both parties GrandCrab distributors buy the malware and split earning with the developer. Once the ransom is paid a percentage of the earnings is sent to the developer of the tool. From a legal standpoint this is great news because this makes the developer liable for every computer infected.
The distributors of the malware keep 60 percent of the earnings. The original developer of the ransomware keeps the rest. Such is model is sustainable and lets the developer earn money without spreading the ransom. This is a great model for the distributors too because it lets the developer focus on finding more exploits to target victims.
GrandCrab also features a chat service that the developer boasted about. The chat is designed to host discussions between the victims and the distributors of the malware. The chat was mostly used to negotiate discounts and extend payment deadlines. Distributors also commonly used the chat in order to help victims with fiat to crypto conversions.