The hackers claim that GandCrab netted its clients around $2 billion, all extracted from victims who opted to pay for a decryption key after falling prey to the ransomware. Whether that figure is accurate or not is up for debate. However, the hacking group also claims it "earned more than $150 million per year" from GandCrab and is now "leaving for a well-deserved retirement."
"We have proven that be doing evil deeds, retribution does not come. We proved that in a year you can earn money for a lifetime. We have proved that it is possible to become number one not in our own words, but in recognition of other people," the hackers wrote in a forum post.
The celebratory retirement post also puts out a request to stop any advertising campaigns for DandCrab, and for its affiliates to stop distributing the ransomware within 20 days. It also instructs current victims to buy a decryption key now, because once DandCrab is pulled from commission, the keys go with it.
According to BleepingComputer, DandCrab exploded in popularity in January 2018, when the hacking group starting promoting its ransomware on the dark web. It filled a void left by TeslaCrypt, CrytpoWall, and other major ransomware campaigns.
While active, the hackers would often taunt and joke with researchers. They would inject "Hello" messages to specific researchers in its ransomware, that those researchers would discover when analyzing DandCrab, and named their command and control servers after popular security outfits.
That is all supposedly behind them now. The group claims it has invested its earnings into various legitimate businesses, both online and in the real world. So in this particular instance, it would appear that crime does in fact pay.