For the third time in the past calendar year, the team at Bitdefender, working with Romanian Police and Europol, has released a free decrypter that can help victims of the GandCrab ransomware recover files locked by this malware.
This most recent version of the Bitdefender GandCrab Decryption Tool was updated to decrypt files locked by GandCrab versions from 5.0.4 through 5.1. These versions have been active and have locked people's files between November 2018 and up to today.
Previously the Bitdefender GandCrab Decryption Tool, first released in late February 2018 and updated in October 2018, could decrypt GandCrab versions 1.x, 4.x, and 5.0.0 through 5.0.3.
This means that with the exception of rarer GandCrab 2.x and 3.x versions, the Bitdefender tool can now help the majority of GandCrab victims recover their files.
The updated GandCrab free decrypter comes just at the right time, as GandCrab has been recently seen at the heart of various spam campaigns [1, 2], but also targeted attacks. The ransomware is today's most prevalent threat. "We estimate that GandCrab holds about 40% of the ransomware market," a Bitdefender spokesperson told ZDNet.
In the most recent attacks, operators of the GandCrab ransomware have broken into companies that provide remote IT support and infected customers' workstations through the remote management tools these companies normally have access to.
These victims can now use the free decrypter to unlock files without paying the ransom.
Based on internal statistics, Bitdefender said that its GandCrab decrypter was used by more than 10,000 victims, saving them from paying more than $5 million in ransom demands.
Bitdefender experts said they expect the GandCrab crew to quickly update the ransomware's code to a newer version that goes around the new decrypter's capabilities.
The GandCrab author(s) is known to react quickly and release new versions when needed, as he did the last time, in October when he had a new version out by the next day.
The GandCrab crew is still at large, currently selling access to their ransomware on Russian-speaking hacking forums.
The Bitdefender GandCrab Decryption Tool is available for download from Bitdefender's blog, here.
The best way to fight any potential ransomware attacks is to create backups and store them offline, so in the case of an infection or other hardware-related incidents, companies can use the backup data to recover from any unfortunate events.
In addition, it is also wise that companies also create a backup of the encrypted files before formatting their workstations, as a free decrypter may be made available later down the line, like Bitdefender did today.