Recent decryption update allows victims infected with GandCrab to recover files from November 2018 to February 2019 without paying the ransom demand.
The Bitdefender team worked with the Romanian Police and Europol for the third time in the last calendar year to release a free decrypter that can help GandCrab Ransomware victims recover files that have been locked by that malware.
This latest version of the GandCrab Decryption Tool from Bitdefender has been updated to decode files locked in versions of GandCrab from 5.0.4 to 5.1. These releases were activated and people’s files were locked between November 2018 and today.
The Bitdefender GandCrab Decryption Tool, first released at the end of February 2018 and updated in October 2018, could decrypt versions of GandCrab 1.x, 4.x and 5.0.0 to 5.0.3.
This means that the Bitdefender tool can now help the majority of GandCrab victims recover their files, with the exception of rarer versions of GandCrab 2.x and 3.x. The updated free GandCrab decrypter comes at the right time, as GandCrab has recently been seen at the heart of different spam campaigns , but also targeted attacks.
The ransomware is the most common threat today. “We estimate that GandCrab holds approximately 40% of the ransomware market,” a spokesperson for Bitdefender said.
In recent attacks, GandCrab ransomware operators have broken into companies that provide remote IT support and workstations for infected customers via the remote management tools to which these companies normally have access.
These victims can now unlock files without paying the ransom using the free decrypter.
Based on internal statistics, Bitdefender said more than 10,000 victims used its GandCrab decrypter, saving them from paying ransom demands of more than $5 million.
Experts from Bitdefender said they expect the crew from GandCrab to quickly update the ransomware code to a newer version that covers the capabilities of the new decrypter. Theauthor(s) of GandCrab are known to react quickly and release new versions when necessary, as he did the last time in October when the next day he had a new version.
The crew of GandCrab is still out, selling access to their ransomware on Russian-speaking hacking forums. The Bitdefender GandCrab Decryption Tool can be downloaded here from the blog of Bitdefender.
The best way to combat potential ransomware attacks is to create backups and store them offline, so companies can use the backup data to recover from any unfortunate events in the event of an infection or other hardware-related incidents.
It is also wise for companies to create a backup of encrypted files before formatting their workstations, as a free decrypter can be made available later on the line, as Bitdefender has done today.