Experts from Bitdefender, Europol and the FBI presented a new tool for decrypting data affected by GandCrab ransomware attacks. The new solution works even for the newest versions of GandCrab, 5.0 and 5.2, as well as for older versions such as 1 and 4.
As a reminder, at the beginning of June 2019 the operators of the GandCrab RaaS (Ransomware-as-a-Service) announced their imminent withdrawal from business. Through the RaaS portal, attackers acquired access to the GandCrab ransomware and then distributed this dangerous malware through spam, exploit kits, and so on. When victims of the ransomware paid a ransom to the criminals, the GandCrab developers received a small commission, while the rest of the money went to the “tenants” of the malware.
In their message, the GandCrab developers boasted that they were going to “go on a well-deserved retirement”, since ransoms had brought the criminals more than $2 billion in total, and the operators received about $2.5 million per week ($150 million per year). Security experts agree that these numbers are unlikely to be true.
What is worse, the GandCrab developers stated that, along with closing the service, they intended to delete all the decryption keys, which would make it impossible to restore affected files.
GandCrab has been one of the most active ransomware families on the market throughout the past year. For example, Bitdefender experts have already released tools for decrypting files after GandCrab attacks three times.
These free tools, according to Bitdefender and law enforcement, helped more than 30,000 ransomware victims and saved them from paying more than $50,000,000. However, throughout the past year, the ransomware continued to be actively updated and improved, though the malware stopped working.
Bitdefender released its newest answer to GandCrab in collaboration with Europol, the Romanian police, DIICOT, the FBI, the UK National Crime Agency, and other European law enforcement agencies.
As in the previous cases, the decryption tool did not result from flaws in the encryption algorithm. Instead, Bitdefender, in collaboration with law enforcement, gained access to the GandCrab control servers, and experts extracted the decryption keys needed to decrypt the victims’ files.