
Decryptor Released for Latest GandCrab Ransomware Variants

A free decryption tool is now available for the victims of the latest variants of the GandCrab ransomware. 

Released on the NoMoreRansom website, the tool provides victims with the possibility to regain access to files that have been encrypted with versions 5 to 5.2 of the ransomware, as well as versions 1 and 4. 

The GandCrab Ransomware-as-a-Service (RaaS) has been highly successful and has evolved rapidly, with the adoption of the NSA-linked EternalBlue exploit last year, and constant updates.

A few months ago, the threat was observed targeting a Japanese manufacturing firm, although it has historically targeted mainly end-users. 

Earlier this month, the GandCrab developers announced that they have decided to close shop and that the entire operation would shut down at the end of June. 

They also claimed to have made over $150 million per year, out of over $2 billion in revenue that the RaaS has generated for the cybercriminals involved in the scheme. 

With a decryptor available for the newest variants of the ransomware, the ones cybercriminals used most recently, victims will be able to recover their data even if the hackers delete the decryption keys after the operation ends.

Previously released decryption tools for the GandCrab ransomware have helped over 30 000 victims recover their data, which resulted in roughly $50 million in unpaid ransoms, Europol says. 

The European agency also notes that the joint efforts to build such decryptors have weakened the operators’ position and eventually led to the shutdown of the operation by law enforcement, aided by security companies Bitdefender and McAfee.

Europol also notes that the GandCrab operators likely subjected over 1.5 million victims all over the world to this ransomware.

“GandCrab prioritizes ransomed information and sets individual pricing by type of victim. An average computer costs from $600 and $2,000 to decrypt, and a server decryption costs $10,000 and more. While helping victims with decryption, we’ve seen ransom notes asking for as much as $700,000, which is quite a price for one wrong click,” Bitdefender’s Bogdan Botezatu notes.

Available free of charge, the new decryption tool is the result of a collaboration between law enforcement agencies from Austria, Belgium, Bulgaria, France, Germany, the Netherlands, Romania, the United Kingdom, the United States, and Europol and its Joint Cybercrime Action Taskforce (J-CAT). 


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
