One Article Review

Source AlienVault Blog
Identifier 1163761
Publication date 2019-06-19 13:00:00 (seen: 2019-06-19 16:00:38)
Title GandCrab Ransomware Shuts Its Doors | AT&T ThreatTraq
Text Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Joe Harten, Director Technology Security, AT&T, Jim Clausing, Principal Member of Technical Staff, AT&T and Stan Nurilov, Lead Member of Technical Staff, AT&T. Here’s the transcript of the ThreatTraq episode.

Joe: It looks like even ransomware authors can go into early retirement.

Jim: So, Joe, I understand you have a story about it - some more and more authors that are retiring.

Joe: Yes, exactly. I picked this up from Threatpost. Kind of an interesting angle we don’t talk about much. But on the dark web, some researchers picked up on the authors of the GandCrab ransomware issuing a statement that they're retiring, that they're shutting down their infrastructure and they're not going to do any more decryptions and that the GandCrab ransomware is no longer operating. As of June 1st, they shut it down after a little over a year. It had started in January of 2018. So GandCrab is a pretty prominent ransomware. It does standard ransomware - with encrypted files getting a .GDCB file extension. So that's where GandCrab comes from. Available in a host of vectors, including spam, fake software downloads, exploit kits and social engineering targeted ransomware.

The dark web post basically said the authors claim to have made $2 billion, which they equate to approximately $2.5 million per week. So between the ransomware as a service and the fees paid directly to the ransomware operators, 2 billion in about 18 months. From this point forward, they issued a warning. No further decryptions. If you purchase the ransomware now, meaning you operate it, you're not going to get files back for any future victims.

This is kind of the other end of the spectrum. This is the malicious actors' view of their posts to the dark web saying, "You know, we're done. We've washed all our money, we've made a huge bounty and we're getting out of the business." I just thought it was interesting. You know, we are always looking at from how to protect yourself from ransomware. But it’s interesting to have a glimpse into what it's like to be somebody who is cashing the checks for these things. So I don't know, what do you think Stan or Jim?

Jim: I'm hopeful that law enforcement will catch these guys and bring them to justice.

Joe: Yeah, I agree. I mean with this level of, kind of, braggadocious mentality, posting on the dark web - you hope there's some investigator who's in there somewhere, you know, purporting to be one of their buddies could actually be in law enforcement and maybe they'll come to justice. But that's not the way the story is told right now.

Stan: It almost reminded me of another malware author who rolled Mirai, who did something similar. The creator of the Mirai source code I believe just put it out there and made this big statement of some sort and said, "You'll never catch me," or something like that. And then a few months later, he was caught by, I believe the FBI, or for certain, law enforcemen
Sent Yes
Tags Ransomware Malware Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.