Magazine Button
New decryption tool launched to support victims of GandCrab ransomware

New decryption tool launched to support victims of GandCrab ransomware

Enterprise SecurityMore News
victims of the GandCrab ransomware can recover their files without giving into the demands of the criminals thanks to a new decryption tool released for free on www.nomoreransom.org
A new tool has been developed to enable victims of the GandCrab ransomware to recover their files without giving into the demands of the criminals.
A data recovery kit, developed by the Romanian Police in collaboration with its counterparts from Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom and United States, together with the security company Bitdefender and Europol, is now available for free on www.nomoreransom.org.

It is the most comprehensive decryption tool available to date for this particular ransomware family. It works for all but two existing versions of the malware (v.1,4 and 5), regardless of the victim’s geographical location.

This tool is released a week after the criminal group behind GandCrab made public decryption keys allowing only a limited pool of victims located in Syria to recover their files.

GandCrab in a nutshell 

GandCrab is one of the most aggressive malware attacks in recent months, infecting nearly half a million victims since it was first detected in January 2018.

Once GandCrab takes over a victim’s computer and encrypts its files, it demands a ransom ranging from US$300 to US$6,000. The ransom must be paid through virtual currencies known to make online transactions less traceable, such as DASH and Bitcoin.

Back in February, a first decryption tool was made available on No More Ransom by the Romanian Police, with the support of the cybersecurity company Bitdefender and Europol. A second version of the GandCrab ransomware was subsequently released by the criminals, this time with an improved coding which included comments to provoke law enforcement, security companies and No More Ransom. A third version followed a day later.

Now in its fifth version, this file-locking malware continues to be updated at an aggressive pace. Its developers are constantly releasing new versions of it, with new, more sophisticated samples being made available to bypass cybersecurity vendors’ countermeasures.

Underground alliances

The rapid spread of GandCrab has been helped along by a ransomware-as-a-service scheme, which offers on the dark web to would-be criminals with little to no technical expertise, a toolkit for launching quick and easy malware attacks, in exchange for a 30% cut from each ransom payment.

In order to further maximise the profits, the GandCrab developers are also partnering up with other services in the cybercrime supply chain, enabling different criminal groups to practice their core competencies while working together to earn more illicit profits than they would be able to gather working individually.

How to stay safe in the future

Victims who have fallen to this ransomware should visit nomoreransom.org where this new decryption tool is available for free.

The best cure against ransomware remains diligent prevention. Users are strongly advised to:

  • Always keep a copy of their most important files somewhere else: in the cloud, on another drive, on a memory stick, or on another computer
  • Use reliable and up-to-date anti-virus software
  • Not download programs from suspicious sources
  • Not open attachments in e-mails from unknown senders, even if they look important and credible
  • And if you are a victim, don’t pay the ransom

Find more information and prevention tips on www.nomoreransom.org

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive