GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1

A free GandCrab ransomware decryptor has been released that works for the latest version of the ransomware. Files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom.

GandCrab ransomware was first detected in January 2018 and went on to become the biggest ransomware threat of 2018. In addition to encrypting local files on an infected device, GandCrab ransomware can also automatically map and encrypt files on network shares. Infections can result in widespread file encryption.

According to Europol, more than half a million devices have been infected with the ransomware since January 2018. The ransom demands have ranged from $300 to around $6,000 and must be paid in Dash or other cryptocurrencies. The authors of the ransomware offer it to affiliates as ransomware-as-a-service and many threat actors are now conducting campaigns. It is by far the most common ransomware variant and dominates the ransomware-as-a-service market.

The cybercriminal gang behind the ransomware has updated the code regularly over the past 12 months, although several flaws have been identified that have allowed GandCrab ransomware decryptors to be developed.

In February 2018, a tool was developed which allowed files to be recovered without paying the ransom, and a further tool was released in October which worked on all but two versions of the ransomware. Europol reports that the two tools have been downloaded more than 400,000 times and have allowed around 10,000 victims to recover their files and avoid paying a sizeable ransom.

However, the latest variants of the ransomware have proven difficult to crack due to their method of RSA encryption. Until now, that is.

The Romanian police, in conjunction with Europol, Bitdefender, and law enforcement agencies in the US, Canada, and throughout Europe, developed a new GandCrab ransomware decryptor that allows files encrypted by the latest version 5 variants to be recovered.

While this is certainly good news, the gang behind GandCrab ransomware is working on a new version of the ransomware. Some reports have been received which suggest version 5.2 is almost ready for release. For the time being though, victims of virtually all versions of the ransomware can recover their files for free.

The GandCrab ransomware decryptor is available on the No More Ransom depository.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news