Decryptor Released for Latest GandCrab Ransomware Variants

A free decryption tool is now available for the victims of the latest variants of the GandCrab ransomware. 

Released on the NoMoreRansom website, the tool provides victims with the possibility to regain access to files that have been encrypted with versions 5 to 5.2 of the ransomware, as well as versions 1 and 4. 

The GandCrab Ransomware-as-a-Service (RaaS) has been highly successful and has seen a rapid evolution, with the adoption of NSA-linked EternalBlue exploit last year, and constant updates. 

A few months ago, the threat was observed targeting a Japanese manufacturing firm, although it has historically targeted mainly end-users. 

Earlier this month, the GandCrab developers announced that they have decided to close shop and that the entire operation would shut down at the end of June. 

They also claimed to have made over $150 million per year, out of over $2 billion in revenue that the RaaS has generated for the cybercriminals involved in the scheme. 

With a decryptor available for the newest variants of the ransomware, which have been last used by cybercriminals, victims will be able to recover their data even if the hackers delete the decryption keys after the operation ends. 

Previously released decryption tools for the GandCrab ransomware have helped over 30 000 victims recover their data, which resulted in roughly $50 million in unpaid ransoms, Europol says. 

The European agency also notes that the joint efforts to build such decryptors have weakened the operators’ position and eventually led to the shutdown of the operation by law enforcement, aided by security companies Bitdefender and McAfee.

Europol also notes that the GandCrab operators likely subjected over 1.5 million victims all over the world to this ransomware.

“GandCrab prioritizes ransomed information and sets individual pricing by type of victim. An average computer costs from $600 and $2,000 to decrypt, and a server decryption costs $10,000 and more. While helping victims with decryption, we’ve seen ransom notes asking for as much as $700,000, which is quite a price for one wrong click,” Bitdefender’s Bogdan Botezatu notes. 

Available free of charge, the new decryption tool is the result of a collaboration between law enforcement agencies from Austria, Belgium, Bulgaria, France, Germany, the Netherlands, Romania, the United Kingdom, the United States, and Europol and its Joint Cybercrime Action Taskforce (J-CAT). 

Related: GandCrab Ransomware Authors Announce Shut Down

Related: GandCrab Ransomware Detected Targeting Manufacturing Firm

Related: Increasing Involvement of Nation-states in Ransomware Attacks