Bitdefender lab, along with the FBI, Europol and other law enforcement bodies, released a new decryption tool for GandCrab ransomware two days ago, on 17th June. The tool can undo the effects of GandCrab 5.0 through GandCrab 5.2, as well as older versions. Victims can now restore their files for free.
GandCrab came into the wild in first month of previous month and was released in many versions. The most prolific malware encrypts the personal photos, documents, videos, and other files on the targeted PC. It also went big game hunting by attacking high profit organizations. Now the developers have announced their retirement. According to them, they gained a total of $2 billion in profits and $150 million in personal income from the threat and its many versions over the year and a half of the ransomware's journey.
It is estimated that over 1.5 million Windows computers were infected with GandCrab. According to Europol, the released decryptor managed to save 30,000 victims from paying the ransom:
“The decryption tool counters versions 1 and 4 and versions 5 to 5.2, which are the latest to be used by cybercriminals. Previous decryptors for the GandCrab ransomware have helped more than 30 000 victims recover their data and save roughly $50 million in unpaid ransoms. Most importantly, the joint efforts have weakened the operators’ position on the market and have led to the demise and shutdown of the operation by law enforcement.”
As before, Bitdefender did not manage to find flaws in GandCrab itself, but it did manage to break into the hackers' command and control server and obtain the decryption key that helps victims restore their encrypted files.
The tool is available for download from Bitdefender.
GandCrab is a RaaS, or ransomware-as-a-service, a model operated by large ransomware families, of which this is one. The developers advertised it on some secret forums. The ransomware encrypts the stored files and then shows a ransom note demanding a ransom fee. The developers offer a 40-60 split between the author and the partners respectively.
The number of victims subsided in the past few years, which led the developers to close down the ransomware. The developers urged victims to pay the ransom fee quickly, as all the keys on the remote servers will be destroyed after the shutdown of GandCrab.
Fortunately, the threat has now been put to permanent sleep. However, users should remain cautious. As everybody knows, the GandCrab closure will leave a gap in the market, which will then allow a new family to be released in the wild. For the moment, victims can download the decryption tool via the official Bitdefender website or the No More Ransom Project and decrypt their data for free.