End of the GandCrab era: a decryptor has been published for the newest versions of the legendary ransomware

Experts from Bitdefender, Europol and the FBI presented a new tool for decrypting data affected by the attacks of the GandCrab ransomware.

The new solution works even for the newest versions, GandCrab 5.0 and GandCrab 5.2, as well as for older versions such as 1 and 4.

As a reminder, at the beginning of June 2019 the operators of the GandCrab RaaS (Ransomware-as-a-Service) announced their imminent withdrawal from business. Through the RaaS portal, attackers acquired access to the GandCrab ransomware and then distributed this dangerous malware through spam, exploit kits, and so on. When victims of the ransomware paid the ransom to the criminals, the GandCrab developers received a small commission, while the rest of the money ended up in the hands of the malware's “tenants”.

In their message, the GandCrab developers boasted that they were going to “go on a well-deserved retirement”, since in total the ransoms had brought the criminals more than $2 billion, and the operators received about $2.5 million per week ($150 million per year). Security experts agree that these numbers are unlikely to be true.

What is worse, the GandCrab developers stated that, together with the closure of the service, they intend to delete all the decryption keys, which will make it impossible to restore affected files.

GandCrab has been one of the most active ransomware families on the market throughout the past year. For example, Bitdefender experts have already released tools to decrypt files after GandCrab attacks three times.

These free tools, according to Bitdefender and law enforcement, helped more than 30,000 ransomware victims and saved them from paying more than $50,000,000. However, throughout the past year the ransomware continued to be actively updated and improved, though the malware stopped working.

GandCrab update history and codebreaker releases

Bitdefender released the newest answer for GandCrab in collaboration with Europol, Romanian police, DIICOT, FBI, UK National Crime Agency, and other European law enforcement agencies.

The tool is available for download on the Bitdefender Labs website, as well as through the No More Ransom project.

As in the previous cases, the decryption tool was not the result of flaws in the encryption algorithm. Instead, Bitdefender, in collaboration with law enforcement, gained access to the GandCrab control servers, and experts extracted the decryption keys needed to decrypt the victims’ files.


William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.
