Belarus arrests alleged distributor of ransomware-as-a-service GandCrab
An alleged distributor of the infamous GandCrab ransomware has been arrested in Belarus. A 31-year-old man is suspected of running the ransomware-as-a-service. He is said to have claimed more than a thousand victims.
The man was arrested in the border town of Gomel. Belarusian authorities suspect that he signed up on a hacker forum to become a GandCrab distributor. He is said to have rented a website from which he managed his own version of GandCrab, which he then sent via phishing emails.
The suspect is said to have claimed at least a thousand victims with the ransomware. These were mainly individuals, not companies. He demanded a ransom of around a thousand euros in cryptocurrency from each victim. It is not clear how much money the suspect actually stole. The victims came mainly from India, the US, and Russia, but also from the United Kingdom, Germany, France and Italy.
GandCrab is ransomware-as-a-service. Distributors can sign up to send it. The distributors keep sixty or seventy percent of the ransom. The rest goes to the original creators of the ransomware. The creators also manage the servers of the ransomware. GandCrab is said to have several dozen such distributors.
GandCrab is one of the best-known ransomware types, and its victims were mainly individuals. Decryption tools were often made for the malware, after which a new version of GandCrab was released.
A year ago, its creators said they had stopped spreading the ransomware. In their own words, almost two billion euros in ransom had been collected, but that amount cannot be verified and is questioned by most experts.