The Ministry of Internal Affairs of Belarus has announced the arrest of a 31-year-old man who served as an affiliate in the infamous GandCrab ransomware-as-a-service program.
“Office ‘K’ of the Ministry of Internal Affairs, in cooperation with the Cyber police of Great Britain and Romania, identified a member of an international hacker group that used during 2017-2018, one of the most famous ransomware virus ‘GandCrab,’” reads a rough English translation of the press release. “On their account – more than 54 thousand infected computers around the world, 165 of which belong to the citizens of Belarus.”
Vladimir Zaitsev, deputy head of the High-Tech Crime Department of the Ministry of Internal Affairs, says the hacker, who has yet to be named, is a 31-year-old resident of Gomel who had no prior convictions. He allegedly infected more than 1,000 computers and demanded the equivalent of $1,200 for decrypting each one.
“Access to the admin panel for managing the ransomware botnet was carried out via the darknet, which allowed the attacker to remain anonymous for a long time,” the news release states.
“Part of the profits was transferred to the administrators (operators) of the server he leased,” Zaitsev said.
The hacker’s victims span several countries, including India, the US, Ukraine, the UK, Germany, France, Italy and Russia, where most of his victims resided.
Last week, Europol announced that the No More Ransom decryption tool repository had amassed over 4.2 million visitors from 188 countries as the service turned four years old. The agency said the repo helped save an estimated $632 million for ransomware victims worldwide. Bitdefender calculates that its GandCrab decryptors alone are responsible for 12% of that figure.