
Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware.

On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-year-old resident of Gomel in cooperation with the United Kingdom and Romania.

An investigation into the Gomel resident revealed that they had infected more than 1,000 computers with GandCrab ransomware.

GandCrab featured in a number of attack campaigns over the years. In August 2018, for instance, a group of digital attackers ran a spam email campaign that targeted South Korean users with version 4.3 of the ransomware. That was only a couple of months before the Fallout exploit kit made news for distributing GandCrab alongside Kraken ransomware.

Security researchers were busy working on a decryption tool throughout these campaigns. In October 2018, Bitdefender released a free GandCrab decryptor after the threat's authors published keys specifically for victims in Syria. Bitdefender went on to release two updated versions of its decryption software, in February 2019 and June 2019.

As reported by Trend Micro, the authors of GandCrab are believed to have redirected their attention to crafting the more advanced ransomware variant Sodinokibi.

According to the MIA statement, the Gomel resident controlled their GandCrab infections through an admin panel that was available on the dark web. This arrangement let the individual remain hidden while they passed ransom payments worth approximately $1,200 to the ransomware's authors and to the owners of the server hosting the admin panel.

The individual had helped to infect victims located in India, the United States, Ukraine, Great Britain, Germany, France, Italy and Russia with the ransomware.

MIA urged users to protect themselves against ransomware infections by avoiding suspicious links, backing up their data and keeping their software up to date. Users can also follow these steps to prevent a successful ransomware attack.