“We have proved that doing evil does not necessarily bring retribution; we have also proved that in one year you can earn a lifetime of money.”
Recently, the GandCrab ransomware announced its “retirement” in the manner of a victor. Before that, it had been raging for over a year in Brazil, the United States, India, China and many other countries, and had extorted more than 2 billion dollars (about 13.4 billion yuan) in ransom.
[Deepchain original]
After extorting $2 billion, GandCrab “washes its hands in the golden basin”
Does evil go unpunished?
After more than a year of rampaging worldwide and compromising computers in many countries such as Brazil, the United States, India and China, the developers of the GandCrab ransomware posted on Exploit.in (an underground hacker and malware forum) on June 2nd to announce that they were “washing their hands in the golden basin”.
The GandCrab developers say that in a year of working with them, people (the hackers who bought the ransomware) earned over $2 billion (about 13.4 billion yuan), an average of $2.5 million a week, and that GandCrab made its name in this field.
The GandCrab developers revealed that they had personally earned $150 million, had successfully laundered the money through offline and internet businesses, and were preparing to retire.
“We have proved that doing evil does not necessarily bring retribution; we have also proved that in one year you can earn a lifetime of money; and we have proved that it is possible to become the first in the eyes of others, rather than only in one's own words.”
In addition, GandCrab announced that they would next suspend advertising and distribution of the ransomware. As for the ransomware's victims, if they do not buy the decryption tool now, their data cannot be recovered afterwards, and the keys will also be deleted.
In March this year, the news that “government departments were hit by a ransomware virus demanding payment in digital currency” circulated widely, and the culprit behind it was GandCrab.
“Since March 11, 2019, a hacker organization outside China has launched a ransomware attack on relevant government departments in China. The email subject is ‘You must report to the police at 3 p.m. on March 11th’, and the attachment is named ‘03-11-19.rar’. Technical analysis shows that the ransomware version is GANDCRAB V5.2, the latest version of the virus, updated in February 2019.”
A number of agencies, such as the Yiling district government in Yichang, Hubei province, have issued notices on their official websites on guarding against GANDCRAB attacks.
Once a user unwittingly clicks on and runs GandCrab, the ransomware encrypts all the data on the host's hard disk. Only by downloading the Tor browser, visiting the website provided by the attacker, and paying a certain amount of cryptocurrency as ransom can the victim obtain the key to unlock the data.
Because its encryption is hard to crack and it spread widely, GandCrab became the most influential ransomware of 2018, becoming, just as its developers say, “the first in the eyes of others”.
“Rogue”: selling the virus, collecting commission, extorting Dash
Unlike other notorious ransomware, GandCrab acquired the somewhat romanticized title of “rogue virus” because of the earlier “Syria key incident”.
On October 16, 2018, a Syrian father tweeted for help, saying that his children had died in the war. The only mementos left of them were the videos and photos stored on his computer, and the GandCrab V5.0.3 virus had locked the computer.
“They want 600 dollars to give me back my child. I have no money to feed myself and my wife. How can I pay them?”
After seeing the Syrian father's tweet, the GandCrab developers quickly apologized on the forum, saying that it had been a mistake not to include Syria on the list of regions exempt from attack, and that all the keys needed by Syrian victims had been released.
Subsequently, GandCrab released the V5.0.5 update, in which Syria and other war zones were added to the ransomware's “whitelist”.
In fact, GandCrab has been updated and iterated continuously since its inception, and its ability to compromise systems has grown, leaving many security personnel helpless and calling it an “unbreakable virus”.
Some netizens said that after their computers were infected with GandCrab, because it could not be cracked and they did not want to pay the ransom, they finally had to format the computer, wiping all its contents.
At the end of January 2018, foreign security researchers discovered the first version of GandCrab. According to analysis, GandCrab was mainly distributed through malicious advertising software called Seamless. Attackers used top-tier exploit kits to find software vulnerabilities in computer systems and install GandCrab without the user's permission.
The following February, another network security researcher found that GandCrab was being sold through a ransomware-as-a-service (RaaS) platform.
In other words, the developers of the GandCrab ransomware do not intend to spread the virus and extort victims themselves, but rather to profit by selling the ransomware.
It is understood that when infected users pay ransom to the attackers, the GandCrab developers take a commission of about 30%.
However, for buyers, GandCrab has strict restrictions: purchasers should not target computer users located in the Commonwealth of Independent States (Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Uzbekistan and Ukraine).
Some experts have speculated that such restrictions may be due to the fact that the developers of GandCrab are Russians.
Sold openly as RaaS, GandCrab spread rapidly and attacked computers in Brazil, the United States, India, Indonesia and Pakistan.
In March 2019, GandCrab began invading China, and computers at thousands of government bodies, enterprises and scientific research institutions were infected. For a time, a number of institutions, including the Yiling district government of Yichang, Hubei, the Institute of Metal Research of the Chinese Academy of Sciences and Yunnan Normal University, issued notices on their official websites on guarding against the virus attacks.
GandCrab also differs from other ransomware in some respects.
While most ransomware chose bitcoin or Monero for ransom payment, GandCrab chose DASH, which had never been used for ransom before.
It is reported that the first generation of GandCrab demanded a ransom of 1.54 DASH (about $1,200 at that time). Perhaps because Dash is relatively niche, GandCrab later added bitcoin as a means of ransom payment.
At the end of 2018, the GandCrab developers said on the forum that the Dash and bitcoin they had earned totaled over $2.85 million.
The mutual relationship between cryptocurrencies and the dark industry
In the week before GandCrab announced its retirement, on May 26th, the ride-hailing service Yidao Yongche announced via its official WeChat account that its servers were under sustained attack and that the attacker was demanding a huge amount of bitcoin. The attack left core data encrypted and the servers down.
On May 7th, the Baltimore municipal government's servers were attacked by the “Robbinhood” ransomware, affecting services such as real estate transactions and online payments. The attacker demanded 13 bitcoins from the Baltimore municipal government.
Earlier, in 2017, the WannaCry ransomware, which also demanded ransom in bitcoin, ravaged the world, hitting the computers of 300 thousand users in more than 150 countries and regions, and spread to many industries such as finance, energy, education and medical care, causing huge losses of about 8 billion dollars.
WannaCry lingered on into 2018. In August, three production lines at TSMC were hit by a WannaCry variant. This was the first time TSMC had been invaded by the virus, and the loss was estimated at about 1.15 billion yuan.
In fact, ever since the birth of bitcoin and other cryptocurrencies, they have had an ambiguous relationship with the dark industry; in a sense, each has helped the other succeed. Ransomware and black-market transactions use bitcoin's privacy and anonymity to protect themselves, while also providing bitcoin and other cryptocurrencies with a circulation scenario that supports their value.
If Laszlo Hanyecz, by paying ten thousand bitcoins for two pizzas in 2008, gave bitcoin a price for the first time, then the dark industry, to some extent, carried “bitcoin” forward as a means of payment. Even today, with bitcoin's market value at more than about 140 billion U.S. dollars, many people still believe that the black market is what supports bitcoin's value.
The GandCrab ransomware declared “all good things come to an end” in victory. But in fact, with or without cryptocurrency technology, as long as the temptation of wealth exists, this kind of evil will continue.
This article is an original work by Deepchain (ID: deepchainvip). Unauthorized reproduction is prohibited.