SecurityWeek

Malware & Threats

Decryptor Released for Latest GandCrab Ransomware Variants

A free decryption tool is now available for the victims of the latest variants of the GandCrab ransomware. 

Released on the NoMoreRansom website, the tool lets victims regain access to files that have been encrypted with versions 5 to 5.2 of the ransomware, as well as versions 1 and 4.

The GandCrab Ransomware-as-a-Service (RaaS) has been highly successful and has evolved rapidly, with the adoption of the NSA-linked EternalBlue exploit last year and constant updates.

A few months ago, the threat was observed targeting a Japanese manufacturing firm, although it has historically targeted mainly end-users. 

Earlier this month, the GandCrab developers announced that they have decided to close shop and that the entire operation would shut down at the end of June. 

They also claimed to have made over $150 million per year, out of over $2 billion in revenue that the RaaS has generated for the cybercriminals involved in the scheme. 

With a decryptor available for the newest variants of the ransomware, the ones most recently used by cybercriminals, victims will be able to recover their data even if the hackers delete the decryption keys after the operation ends.

Previously released decryption tools for the GandCrab ransomware have helped over 30,000 victims recover their data, which resulted in roughly $50 million in unpaid ransoms, Europol says.

The European agency also notes that the joint efforts to build such decryptors have weakened the operators’ position and eventually led to the shutdown of the operation by law enforcement, aided by security companies Bitdefender and McAfee.

Europol also notes that the GandCrab operators likely subjected over 1.5 million victims all over the world to this ransomware.

“GandCrab prioritizes ransomed information and sets individual pricing by type of victim. An average computer costs from $600 and $2,000 to decrypt, and a server decryption costs $10,000 and more. While helping victims with decryption, we’ve seen ransom notes asking for as much as $700,000, which is quite a price for one wrong click,” Bitdefender’s Bogdan Botezatu notes.

Available free of charge, the new decryption tool is the result of a collaboration between law enforcement agencies from Austria, Belgium, Bulgaria, France, Germany, the Netherlands, Romania, the United Kingdom, the United States, and Europol and its Joint Cybercrime Action Taskforce (J-CAT). 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
