A suspected GandCrab ransomware member was arrested in South Korea for using phishing emails to infect victims.
The GandCrab ransomware operation started in January 2018 and quickly grew into a malware empire threatening companies worldwide.
Operated as a Ransomware-as-a-Service (RaaS), the GandCrab developers teamed up with affiliates in a revenue-share partnership, with affiliates earning 70-80% of a ransom payment.
The operation shut down in the summer of 2019, but many security researchers believe the core developers went on to start the REvil ransomware group.
Suspected affiliate arrested in South Korea
As first reported by TheRecord, a 20-year-old man was arrested on February 25th by South Korean police after an international investigation traced GandCrab ransom payments to withdrawals made by the suspect.
South Korean media states that the suspect distributed 6,486 phishing emails. These emails pretended to be from South Korean police investigating the email recipient's online defamation.
Included in the emails were attachments that would infect the victim with the GandCrab ransomware, encrypt files, and demand a $1,300 bitcoin ransom.
While the GandCrab operators boasted that they generated $2 billion in ransom payments, this alleged member did not get rich from his illicit activities.
South Korean police state that the suspect only earned 12 million South Korean won, or roughly $10,500, as part of the illicit activities.
The police state that another suspect, who shared the GandCrab ransomware with the arrested individual, is still at large.
In July, Belarus law enforcement also arrested a 31-year-old GandCrab member who acted as an affiliate for the ransomware operation.
Joint law enforcement operations have already had great success battling ransomware gangs this year. Last month, international law enforcement took down the Netwalker and Egregor ransomware operations.