CracksNow banned from torrent sites for hosting GandCrab ransomware

Previously trusted torrent uploader CracksNow barred from multiple torrent sites for infecting users with GandCrab V5.1 and other malware

CracksNow was found distributing GandCrab and other malware

Following multiple reports from users infected with GandCrab ransomware, most popular torrent sites banned CracksNow, a popular crack and keygen torrent uploader.

CracksNow, a popular uploader of cracks, keygens, and pirated software, was banned from multiple torrent sites because it was caught distributing GandCrab 5.1[1] ransomware and other malware. According to TorrentFreak,[2] CracksNow was a trusted uploader and active member of the community, so the distribution of malware from him came as a surprise to many, including the senior staff of many torrent sites.

It is generally known that torrent sites and files might be dangerous due to unsafe ads and malicious torrents uploaded by random users. However, well-moderated sites usually take down malware-containing links immediately and ban the culprits. Thus, while some negative comments about torrenting are generally pretentious, from a security point of view, these sites still pose a high risk to cybersecurity, especially for those who are not cautious about the dangers.

GandCrab ransomware, which was first launched in early 2018, is one of the most prominent crypto-malware threats currently. It employed multiple techniques for its distribution, including malspam campaigns like “LoveYou”[3] or “Up to datе еmеrgеnсy еxit map,” exploit kits and, of course, obfuscated files hosted on hacked or torrent sites.

Most of CracksNow's uploaded torrents were also removed, but the remaining ones are safe, according to torrent site developers.

Complaints from users flooded the staff of various torrent sites

Some torrents might be malicious, and those who agree to download them should accept the risk and take appropriate security measures in order to avoid threats. Unfortunately, many users do not take these precautionary measures and end up infected with GandCrab or other malware.

The Pirate Bay, TorrentGalaxy, and 1337x, the sites that banned CracksNow, received dozens of reports from users complaining about GandCrab infection after downloading a crack or a keygen:[2]

it's ransomware VIRUS don't download it, this crashed all my files !!!

contains DEADLY version of GandCrab V5.1 encryption… RANSOMWARE will eventually lock down your entire pc's hard drives when you choose to disable antivirus when you're installing cracks. DO not INSTALL this sh*t. I will now always check software from these uploaders.

These comments were posted on the site hosting malicious cracks. Besides, users on Reddit also were not impressed with CracksNow, and already complained about the uploader a few months ago.[4]

According to TorrentFreak, an admin from 1337x banned the CracksNow user earlier this month:

He was banned by myself because I found ransomware in his uploads. I also checked the same uploads from him on a couple other torrent sites and got the same results. I immediately alerted their staff about it so they could investigate and take appropriate action, which they did.

Despite the battle against malware, torrent site authors are unable to stop it all

It is not a secret that even industry giant Google sometimes fails to screen out malicious apps that are uploaded to Google Play.[5] Naturally, torrent sites have far fewer resources to spend on security, so the infection rate will be higher by default.

However, admins are trying their best to prevent users from getting infected with malware, and banning culprits like CracksNow is one of their daily routines:[2]

It is a daily battle to sort the scumbags from the legit uploaders and staff work very hard but it’s not foolproof. What I will say is staff are very quick to adapt to all the new ways people try to beat our systems

If you are using torrent sites, make sure you take some precautionary measures, including ad-blockers, VPNs and comprehensive security software. However, we recommend staying away from cracks, keygens and similar executables altogether, as most AV engines will flag such software as malicious, regardless of whether it actually is.

Luckily for those who already infected their files with GandCrab 5.1, they can now take advantage of a new decryption tool created by Bitdefender researchers and recover all the data.[6]

About the author
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
