
Decryption tool neutralizing ransomware GandCrab released


A new decryption tool has been released that neutralizes the most recent file-locking versions of the GandCrab malware, 5.0 through 5.2. The GandCrab decryptor also allows users to recover files encrypted by older versions of the ransomware.

The tool has been released by Bitdefender in collaboration with Europol, the Romanian Police, DIICOT, the FBI, the UK National Crime Agency and the Metropolitan Police. Police forces throughout Europe are also involved. The program is available to download from both Bitdefender Labs and the No More Ransom project. The latter is a joint initiative of a large number of cyber security companies, governments and law enforcement agencies that offers free decryption tools for many different types of ransomware.

Very aggressive ransomware

Since GandCrab first appeared in 2018, more than 1.5 million Windows users have been infected with the ransomware, according to ZDNet. Both home and business networks have been victims of GandCrab, which Europol describes as one of the most aggressive forms of ransomware. Over the past year, several free decryption tools have been released to combat GandCrab. These decryption tools are said to have protected more than 30,000 potential victims, preventing a total of 50 million dollars in ransom payments from being made.

The makers of GandCrab recently announced that they would stop the ransomware attacks. They claim to have taken more than USD 2 billion from victims, who paid to receive the decryption key because in their opinion this was the only way to get their files back. Researchers, however, consider that amount to be very exaggerated.

Danger not overlooked

However, the cybercriminals ending their operation does not mean that GandCrab is no longer profitable. The ransomware can still cause problems for victims. Once GandCrab operations are stopped, victims will not get their files back even if they pay the ransom.

The GandCrab team has prevented its affiliates from accessing new versions of the malware and has called on them to prepare for an imminent shutdown. The shutdown will be followed by the removal of all keys. As a result, victims will be unable to retrieve their data even if they do pay the ransom, says Bogdan Botezatu, director of threat assessment and reporting at Bitdefender.

Cybersecurity companies and law enforcement agencies warn that victims should not give in to the demands of attackers. Not only does paying finance crime, but attackers can label those who pay as soft targets and attack them again at a later date. Software and applications must therefore always be patched and up to date to prevent attackers from exploiting known vulnerabilities.


This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.