For the third time in the past calendar year, the team at Bitdefender, working with Romanian Police and Europol, has released a free decrypter that can help victims of the GandCrab ransomware recover files locked by this malware.
This most recent version of the Bitdefender GandCrab Decryption Tool has been updated to decrypt files locked by GandCrab versions 5.0.4 through 5.1. These versions have been active, locking people's files, from November 2018 up to today.
This means that with the exception of rarer GandCrab 2.x and 3.x versions, the Bitdefender tool can now help the majority of GandCrab victims recover their files.
The updated free GandCrab decrypter comes at just the right time, as GandCrab has recently been seen at the heart of various spam campaigns [1, 2], as well as targeted attacks. The ransomware is today's most prevalent threat. "We estimate that GandCrab holds about 40% of the ransomware market," a Bitdefender spokesperson told ZDNet.
In the most recent attacks, operators of the GandCrab ransomware have broken into companies that provide remote IT support and infected customers' workstations through the remote management tools these companies normally have access to.
These victims can now use the free decrypter to unlock files without paying the ransom.
Based on internal statistics, Bitdefender said that its GandCrab decrypter was used by more than 10,000 victims, saving them from paying more than $5 million in ransom demands.
Bitdefender experts said they expect the GandCrab crew to quickly update the ransomware's code to a newer version that works around the new decrypter's capabilities.
The GandCrab author(s) are known to react quickly and release new versions when needed, as happened the last time, in October, when a new version was out by the next day.
The GandCrab crew is still at large, currently selling access to their ransomware on Russian-speaking hacking forums.
The Bitdefender GandCrab Decryption Tool is available for download from Bitdefender's blog.
The best way to fight any potential ransomware attack is to create backups and store them offline, so that in the case of an infection or a hardware-related incident, companies can use the backup data to recover.
In addition, it is wise for companies to create a backup of the encrypted files before formatting their workstations, as a free decrypter may be made available later down the line, like Bitdefender did today.