There is no shortage of malware around the world, but the most vicious kind is the one that holds people’s precious files for ransom. Even worse is ransomware that demands payment from victims knowing full well that there is actually no way to recover those files. One of the most recent and most egregious is the GandCrab strain of ransomware. The good news is that its principal owners and operators have announced their “retirement”. The bad news is that they’re doing so because they claim to have already earned $2 billion from the operation.
Security outfit Bitdefender Labs noticed the new malware back in 2018 and traced its roots to the “former Soviet space”. In less than a year, it managed to corner more than 50% of the ransomware market and become the go-to tool for affiliate-based ransomware. It seemed to infect
GandCrab was notable not for its sophistication but for the economy that thrived underground. Affiliates who purchased the malware gave 40% of profits to the original authors. The latter claimed to have earned more than $2 billion from the operation. The number might be exaggerated, but the reach of the ransomware suggests the actual number is still a significant amount.
Now the GandCrab developers are “retiring” and will be shutting down the operation. While that may mean one less piece of malware out in the wild, it sadly also means that they are deleting the recovery keys they may or may not have. That means if victims pay the ransom now or in the future, they will no longer be able to recover their files anyway.
Bitdefender, however, also presents another reason why GandCrab is going dark. It says it has worked with authorities around the world to develop tools to recover victims’ files for free, cutting off the operation’s source of profit. There may still be hundreds if not thousands of affected computers, however, and GandCrab’s legacy may be far from over.