February 28, 2018

Free Decryption Tool Brings Respite to Victims of Aggressive Ransomware

A new and unusual family of ransomware has met its match after a decryption tool backed by Europol was released as freeware.

GandCrab, a ransomware that first appeared in January and quickly claimed over 53,000 victims around the world, was labelled by Europol as “one of the most aggressive forms of ransomware this year.” Victims suffered losses from a few hundred dollars up to thousands. The ransomware is unusual in that it spreads using exploit kits, a method of dispersal usually seen among trojans, and demands payment in Dash, a lesser-known cryptocurrency, rather than the usual go-tos of bitcoin or monero.

“GandCrab spreads through malicious advertisements published on compromised websites or through fictitious invoices sent as attachments in email,” Europol explained. “Once installed upon a victim’s computer, the ransomware encrypts the files on the infected system, offering a decryption key in return for a ransom payment of USD 300 – 500 in the DASH virtual currency.”

The operators of GandCrab remain unknown. However, the ransomware has been peddled on Russian underground hacker forums, with those launching it instructed not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics.

The spread of the ransomware has also been spurred on by a cybercrime-as-a-service scheme that offers a toolkit for deploying the strain in return for cybercriminals giving the authors a cut of the profits gained.

The decryption tool, meanwhile, has been released by the No More Ransom Initiative after an operation by the Romanian Police, Europol, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Bitdefender.

Bitdefender’s senior director of the investigations and forensic unit Catalin Cosoi added:

Ransomware has become a billion-dollar cash cow for malware authors, and GandCrab is one of the highest bidders.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
