Smash GandCrab Tool Released To Decrypt Ransomware

Victims of the latest incarnations of the GandCrab ransomware now have a way to reclaim their files without paying a penny to extortionists, thanks to the release of a decryption tool.

Infosec shop BitDefender said this week it has teamed up with eight crime-fighting government agencies – including the FBI, London’s met Police, and Europol – to develop software that can decrypt documents scrambled by the various flavors of ransomware that circulate under the GandCrab banner. The decryption tools, available for free from the No More Ransom Project, is able to unlock files that had been encrypted by the latest version, 5.2, of the notorious Windows ransomware.

The hope is that, with victims now given the ability to decrypt encrypted files on their own, fewer people will pay the ransom and GandCrab’s masterminds will have less incentive to continue the operation.

That will, however, be a tall order given how ridiculously successful the ransomware has been up to now, and the cat and mouse game that has been going on between GandCrab developers and security companies for almost 18 months now.

“In more than a year of operation, we estimate GandCrab has claimed more than 1.5 million victims around the world, both home users and corporations,” BitDefender noted. “GandCrab operators and affiliates boldly claimed on private underground forums recently that the team behind the malware has extorted more than $2 billion from victims.”

There is also some hope that GandCrab’s operators will indeed live up to their word and shut down the ransomware and its backend network for good as promised. With no new variants being developed and decryption tools supporting the latest versions, GandCrab would, in theory, be headed to extinction.

Even if GandCrab were to be eradicated, though, the ransomware field remains a crowded and lucrative market, so much that some pundits have wondered if companies might not be better off just paying the ransom demands in certain cases. ®

READ MORE HERE