A Europol press release has announced that the decryption tool for GandCrab ransomware had been developed.
GandCrab ransomware has been in the news recently and it is one of the most aggressive malware attacks in recent several months. It attacks its targets using phishing tactics to distribute the ransomware. It is worth to mention that the ransomware is under constant development that incorporates tools to better avoid detection.
The ransomware was first detected in January 2018, and it was already infected almost 500,000 victims. Once the ransomware infects the device, it encrypts files and asks for a ransom from $300 to $6,000.
Universal decryption tool released for free on No More Ransom
According to Europol, the data recovery kit has been developed by the Romanian Police that collaborated with its counterparts from Bulgaria, France, Hungary, Italy, Poland, the Netherland, the United Kingdom and the United States, Europol and a popular security vendor Bitdefender.
“It is the most comprehensive decryption tool available to date for this particular ransomware family: it works for all but two existing versions of the malware (v.1,4 and 5), regardless of the victim’s geographical location. This tool is released a week after the criminal group behind GandCrab made public decryption keys allowing only a limited pool of victims located in Syria to recover their files.”
A first decryption tool for the ransomware was first developed by the Romanian Police in collaboration with Bitdefender and Europol back in February.
However, a second version of the ransomware was released by the criminals that improved coding which included comments to provoke law enforcement, security companies, and the decryption tool. The third version was released the following day.
The current fifth version is still being updated at an aggressive pace. The attackers behind this file-locking malware are constantly releasing new versions with even more sophisticated samples being available to bypass security detection tools and countermeasures.
The distribution of the ransomware has been followed a ransomware-as-a-service scheme that is available to the criminals on the dark web. The wannabe attackers that have little or even no technical expertise to launch quick and easy malware attacks, in exchange for a 30% cut from each paid ransom.
In order to further maximise the profits, the GandCrab developers are also partnering up with other services in the cybercrime supply chain, enabling different criminal groups to practice their core competencies while working together to earn more illicit profits than they would be able to gather working individually.
Protect yourself against ransomware attacks
In order to stay safe in the future and protect yourself from the GandCrab ransomware should always keep a copy of their most important files somewhere else, use reliable up-to-date antivirus or security suite, stay vigilant and do not download any files from suspicious sources or open attachments in e0mails from unknown senders.
For those who have fallen to this ransomware should visit www.nomoreransom.org where this new decryption tool is available for free.