June 3, 2019

Cyber-criminals have been at the game so long that some of them are slipping off into comfortable retirement.

The creators of the GandCrab ransomware let the world know yesterday that they were shutting down the online portal where they sold custom builds of their popular malware.

Dubbed Ransomware-as-a-Service (RaaS), the GandCrab operation made money by taking a small commission each time an infected end user paid the ransom. The rest of the cash went to the crim who distributed the malware – usually by email phishing.

They announced their retirement on a prominent hacking forum, where the GandCrab RaaS has been openly advertising since January 2018.

Of course back then there was even a formal launch announcement to kick things off.

Bragging rights secured

In their farewell note, the GandCrab creators boasted their ransomware had secured over £1.6 billion in blackmail, with the gang trousering roughly £1.9 million a week and £118 million annually.

**figures un-audited obviously**

They went on to say the money had been laundered and re-invested in proper businesses, allowing them to depart the world of malware.

“We are leaving for a well-deserved retirement,” they said. “We have proved that by doing evil deeds, retribution does not come.”

Rather ungenerously, the cyber-criminals warned that they would be deleting their decryption keys, making file recovery impossible for anyone still infected by GandCrab.

The parting shot is likely a tactical move to scare any remaining or on-the-fence end users to pay up quickly.

Shining some light on a dark economy

PR, marketing, supply chains, e-commerce portals and distribution networks. The cyber-criminal community has been growing in commercial sophistication for years. Now there are even retirement plans for those wanting a quiet life.

It’s big business.

Over the past year, the GandCrab family of products has been one of the most persistent and active ransomware threats. Mass-distribution to individuals via phishing and exploit kits has been common, alongside targeted attacks on high-profile organizations.

Two billion sounds like bragging, but it’s not impossible. A University of Surrey study says the cybercriminal economy is worth $1.5 trillion USD. If cybercrime were a country, it would be the world’s 13th largest by GDP.

IBM has analysed the revenue flows and profit distribution from money laundering, data trading, ransomware and other illicit activities.

They found that cyber-criminal organisations at the smaller end could generate between $30,000 and $50,000 in profit annually, while the big global operations can rake in more than $1 billion.

Cybercrime is now ‘an interconnected web of both nefarious and legitimate activities’, they said.

Let’s not make it easy for them

Both studies confirm that there is a parallel cybercrime economy growing in size and sophistication.

Once they’ve taken over your system or secured a prized information asset, hacking groups have the commercial and technical smarts to convert that opportunity into cash.

Their level of professionalism is rising along with their boldness. If they can make money quickly and get out before the heat rises, it’s entirely possible some or even most will never be caught.

Against such an organised and effective adversary, organisations have to think beyond just buying more technology to keep cyber-criminals and malware out of their systems.

From technical vulnerabilities to poor processes and human error, IT systems have invisible vulnerabilities that criminals can exploit. Given enough time, the highly-motivated ‘threat actors’ out there will find them.

But as good as they are, we have the means to hasten them into early retirement. Cyber-criminals get frustrated when they encounter cyber-aware targets, and tend to move on quickly.

That’s why a programme of security awareness training adds muscle to IT defences. By empowering employees with knowledge they gain real-world experience of the risk of data breaches, whether from an infected file, phishing email, or an apparently innocent caller with an odd request.

Want to learn more about empowering employees with security awareness training? Sign up for a free demo and find out how we’re already helping organisations just like yours.