
Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken

As it turns out, crime pays incredibly well for some

The infamous GandCrab malware infection has netted its operators an estimated nine-figure payout from targeting large, high-value corporate systems.

This according to security house Bitdefender, who reckon that in the last two months alone victims have forked over more than a quarter of a billion dollars to crooks in order to have their data decrypted.

Unlike previous infections that try to infect as many systems as possible and ask for a small payout, GandCrab goes big by demanding huge payouts in hopes that some of the infected systems belong to large, wealthy companies that will fork over the exorbitant ransom in order to get essential data back. The operators of the malware take this a step further by creating personalized ransom notes when they realize they have infected a high-value machine.

"Considering the lowest ransom note is $600 and almost half of infected victims give in to ransomware, the developers might have made at least $300m in the past couple of months alone," says Bitdefender's Liviu Arsene.

"And actual financial losses could be significantly higher, considering that some victims have reported ransom notes of $700,000."

Bitdefender, meanwhile, has been offering a free decryption tool that allows users to recover their data when GandCrab strikes.

The security firm estimates that, since its release, the tool has allowed users to avoid paying some $1m in ransom demands (though those numbers assume that everyone who used the tool would have paid the ransom had they not decrypted the files on their own).


"Developed in a collaboration between Bitdefender, Europol, and Romanian Police, with support from the FBI and other law enforcement agencies, the tool lets victims around the world retrieve encrypted information without paying the hackers," said Arsene.

"Based on the number of decryptions registered by our tools, tens of millions of dollars’ worth of ransom may have been saved."

Experts have long advised users not to give in to ransomware demands. Aside from encouraging criminal behavior, there is no guarantee that paying will actually result in data recovery, as a recent study estimated that fewer than half of paying targets ever recover their data.

Rather, it is advised that both home users and businesses maintain regular backups of a system that would allow them to wipe and restore an infected machine with minimal loss of data. ®
