Security firm Bitdefender, together with Europol, the FBI, the Romanian Police, and other law enforcement agencies, has developed a free ransomware decryption tool.
“The good news is that now you can have your data back without paying a cent to the cyber-criminals, as Bitdefender has released a free utility that automates the data decryption process.” reads the blog post published by Bitdefender.
“This tool recovers files encrypted by GandCrab ransomware versions 1, 4 and 5.”
Victims can determine which version of the ransomware hit them by checking the extension appended to the encrypted files and/or the header of the ransom note. The following table lists these indicators for the various versions of the popular ransomware.
| Version | File extension | Ransom note |
|---|---|---|
| Version 1 | .GDCB | Starts with —= GANDCRAB =—, … the extension: .GDCB |
| Version 2 | .GDCB | Starts with —= GANDCRAB =—, … the extension: .GDCB |
| Version 3 | .CRAB | Starts with —= GANDCRAB V3 =— … the extension: .CRAB |
| Version 4 | .KRAB | Starts with —= GANDCRAB V4 =— … the extension: .KRAB |
| Version 5 | .([A-Z]+) | Starts with —= GANDCRAB V5.0 =— … the extension: .UKCZA |
| Version 5.0.1 | .([A-Z]+) | Starts with —= GANDCRAB V5.0.2 =— … the extension: .YIAQDG |
| Version 5.0.2 | .([A-Z]+) | Starts with —= GANDCRAB V5.0.2 =— … the extension: .CQXGPMKNR |
| Version 5.0.3 | .([A-Z]+) | Starts with —= GANDCRAB V5.0.2 =— … the extension: .HHFEHIOL |
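The check described above can be scripted for triage across many hosts. The following is an added example, not code from Bitdefender or from the original article: it combines the file extension and the ransom-note header from the table and reports whether the result falls within versions 1, 4 and 5, which the article says the tool handles. The function names and verdict strings are hypothetical, and accepting ASCII hyphens in the header as well as the dashes printed in the table is an assumption.

```python
import re
from pathlib import PurePath

# Header as printed in the table; the ASCII-hyphen alternative is an assumption
# in case a note uses plain dashes instead of the typographic ones shown there.
HEADER_RE = re.compile(r"^[-—]+=\s*GANDCRAB(?:\s+V(\d+)(?:\.\d+)*)?\s*=[-—]+")
FIXED_EXT = {".GDCB": {1, 2}, ".CRAB": {3}, ".KRAB": {4}}  # rows of the table
TOOL_COVERS = {1, 4, 5}  # major versions the article says the tool decrypts


def majors_from_extension(filename):
    ext = PurePath(filename).suffix
    if ext in FIXED_EXT:
        return set(FIXED_EXT[ext])
    # Version 5.x rows: the extension is a run of uppercase letters, .([A-Z]+).
    # Any all-caps extension matches, so the note header should confirm it.
    return {5} if re.fullmatch(r"\.[A-Z]+", ext) else set()


def majors_from_note(note_text):
    first = note_text.lstrip().splitlines()[0] if note_text.strip() else ""
    m = HEADER_RE.match(first)
    if not m:
        return set()
    # A header without a version number is shared by versions 1 and 2.
    return {int(m.group(1))} if m.group(1) else {1, 2}


def triage(filename, note_text=None):
    """Return (candidate major versions, verdict) for one encrypted file."""
    candidates = majors_from_extension(filename)
    if note_text is not None:
        from_note = majors_from_note(note_text)
        if candidates and from_note and not (candidates & from_note):
            return set(), "conflict"  # note header and extension disagree
        candidates = (candidates & from_note) or candidates or from_note
    if not candidates:
        return set(), "unknown"
    if candidates <= TOOL_COVERS:
        return candidates, "covered"
    if candidates & TOOL_COVERS:
        return candidates, "ambiguous"  # .GDCB: cannot tell version 1 from 2
    return candidates, "not covered"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real incident.
    print(triage("invoice.docx.KRAB", "—= GANDCRAB V4 =—\n..."))
    print(triage("photo.jpg.GDCB"))
```

An "ambiguous" verdict reflects the table itself: versions 1 and 2 share both the .GDCB extension and the unversioned note header, so these two indicators alone cannot separate them.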
“Developed in close partnership with Europol and the Romanian Police, and with support from the FBI and other law enforcement agencies, the tool lets victims around the world retrieve their encrypted information without paying tens of millions of dollars in ransom to hackers.” reads the statement published by Bitdefender.
“The new tool can now decrypt data ransomed by versions 1, 4 and 5 of the GandCrab malware, as well as all versions of the ransomware for a limited set of victims in Syria.”
GandCrab was first spotted earlier this year by cyber security firm LMNTRIX, which discovered an advertisement for it in a Russian hacking community on the dark web.
GandCrab is offered as ransomware-as-a-service: crooks offer the malware to other criminals in exchange for a share of the ultimate profits.
This ransomware spreads via multiple attack vectors, including spam email, exploit kits and malware campaigns.
Victims of the ransomware can download the decryption tool from the following link:
(Security Affairs – GandCrab, decryption tool)