Law Enforcement Agencies Release New GandCrab Decryption Tool

A new decryption tool for the GandCrab Ransomware was released in a collaborative effort by cybersecurity firm, Bitdefender and law enforcement agencies. This tool decrypts the latest versions of the GandCrab Ransomware- GandCrab 5.0 to GandCrab 5.2.

Europol released the following statement:

“The tool is released in partnership with law enforcement agencies from Austria (Bundeskriminalambt – BMI), Belgium (Federal Computer Crime Unit), Bulgaria (Bulgarian Cybercrime Unit), France (Police Judiciaire de Paris – Befti), Germany (LKA Baden-Württemberg), the Netherlands (High Tech Crime Unit), Romania (DIICOT), the United Kingdom (NCA and Metropolitan Police), the United States (FBI) and Europol, together with the private partner Bitdefender.”

GandCrab has been a impacting users both at home and in businesses since it first emerged in January 2018. At one point, over half of all ransomware attacks were GandCrab. Europol has called this malware “one of the most aggressive forms of ransomware”, with over 1.8 million users hit since its release. The developers behind the ransomware claim that they have gained over $2 billion from victims. However, researchers say this is most likely a fabrication of numbers.

The ransomware first appeared as a ransomware-as-a-affiliate service in an underground hacker forums, such as Exploit.in. This means that anyone could go to the site and buy pre-made kits of the ransomware. 40% of all revenue goes to developers and 60% to the affiliates. GandCrab is also unique because it comes with features like a chat service for victims. This service allows victims to contact attackers to negotiate ransom, extend deadlines, and ask for assistance. Further, GandCrab ransom prices can be anywhere from $600 and $2,000 to decrypt computers. Decryption prices for servers can $10,000 and more. Some have also received ransom demands for as much as $700,000.

The latest GandCrab decryption tool was released by law enforcement because the GandCrab announced that they plan to retire. The shutdown will mean that victims will be not receive their data back even if they pay the ransom.

Bogdan Botezatu, director of threat research and reporting at Bitdefender stated:

“The GandCrab team has stopped affiliates from accessing new versions of the malware and has urged them to prepare for an imminent shutdown. The shutdown will be followed by deletion of all keys, leaving the victims unable to retrieve the ransomed data even if they do pay the ransom”

The latest version of the free Gandcrab decryption tool can be downloaded from Bitdefender and the No More Ransom Project.

 

If your organization has been victim to ransomware, contact LIFARS immediately