The GandCrab was advertised in Russian hacking community, researchers noticed that authors leverage the RIG and GrandSoft exploit kits to distribute the malware.
Partners are prohibited from targeting countries in the Commonwealth of Independent States (Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Uzbekistan and Ukraine).
“As of today, a new decryption tool for victims of the GandCrab ransomware is available on www.nomoreransom.org. This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol.” reads the announcement published by the Europol.“First detected one month ago, GandCrab has already made 50 000 victims worldwide, a vast number of which in Europe, making it one of the most aggressive forms of ransomware so far this year.”
Victims of GandCrab ransomware thanks to Bitdefender and the European law enforcement can recover files without paying the ransom.
“Ransomware has become a billion-dollar cash cow for malware authors, and GandCrab is one of the highest bidders,” Bitdefender’s Senior Director of the Investigation and Forensics Unit, Catalin Cosoi says.
“We are glad to provide our technical expertise in fighting cyber-crime as our long-standing mission is to protect the world’s Internet users and organizations. In the near future, we expect ransomware developers to migrate towards mining and stealing cryptocurrency”
(Security Affairs – GandCrab Ransomware, decryptor)