During its formative phase, the cryptovirological operatives were more focused on targeting individual users to rip them off for ransomware removal. For that matter, earlier cryptovirological families such as CryptoLocker and CryptoWall used to target personal devices for a small amount of ransom. However, they soon realized that targeting business organizations and public entities was a more lucrative business model. In the last two years or so, we have seen how business and public sector has been targeted by cryptovirological activity. If we particularly talk about this year, then GandCrab ransom family, first detected in January this year, emerges as the most money-spinning tool for cybercriminals. In the last 9-10 months, it has affected roughly 500,000 users all around the world.
What makes GandCrab effective?
GandCrab has become a great tool for cybercriminals to extort money because it has a unique feature of devising customized ransom notes. This means the operators can demand the extortion amount by taking into account the financial standing of the victim and the nature of the locked down data. Therefore, the reported ransom demand in cases of GandCrab attacks ranges from $600 to $700,000. It has also been reported that half of the victims have yielded to the demands of the operators for ransomware removal.
Keeping all the above-mentioned figures, stats and facts in mind, the experts have deduced that the developers and operators of GandCrab might have succeeded in making more than $300 million through ransom payments.
There is another interesting feature of GandCrab i.e. it first identifies the keyboard language of the targeted user before initiating the encryption activity and doesn’t infect the devices with Russian keyboards. This characteristic strongly suggests that Russian operators are behind the development of this cryptovirological strain. Professional ransomware removal can disinfect the systems affected by GandCrab. Meanwhile, backing up critical data is an essential preventive measure against any cryptovirological activity.