[German]Bitdefender, Europol, the Romanian police, DIICOT and other law enforcement agencies have released an update of the successful Ransomware decryption tool. This now also supports GandCrab Ransomware encrypted files (v5.1 and new v5.2).
Victims of the ransomware GandCrab are facing with the problem that their files have been encrypted. The encrypted data can only be recovered using appropriate decryption software (from cyber criminals or third-party tools).
A free solution from Bitdefender
Bitdefender, Europol and numerous other law enforcement agencies are now offering a new version of the free decryption tool for data that has fallen victim to the ransomware GandCrab. GandCrab is one of the most effective families of file encrypting malware to date and the updated tool can now decrypt data encrypted with the latest versions of GandCrab. The new tool is now available and can be downloaded free of charge from Bitdefender Labs and the No-More-Ransom project.
The new decryption tool allows victims to regain access to their own data without paying a ransom to cyber criminals. In addition to versions 1, 4 and the early versions of 5, the updated tool can now handle infections of the new versions 5.0.4 to 5.1 currently used by cybercriminals in attacks.
Tool has been quite successful so far
The previous version of this decryption tool has been downloaded over 400,000 times. This version of the tool helped nearly 10,000 victims get back to their data. More than $5 million in required decryption fees have been saved.
GandCrab Ransomware is regularly updated
The GandCrab Ransomware family was launched in January 2018. This ransomware family is preferred by cybercriminals and was extremely active last year. It has outdone other ransomware in popularity and virality and has caused hundreds of millions of dollars of damage worldwide.
In 2018, cyber criminals attempted to use exposed remote desktop protocol instances to attack companies with GandCrab Ransomware variants or to log in directly with stolen domain credentials. After authenticating on a compromised PC, attackers manually executed the ransomware and instructed it to spread across the network. Once the network was infected, the attackers cleared their tracks and contacted the victim with a ransom offer for decryption.
The cyber criminals regularly develop new version of this malware in order to circumvent security solutions. For example, GandCrab fundamentally changed its distribution mechanism and affiliate opportunities in late 2018/early 2019, improving its resilience to most cyber security solutions.
How users can protect themselves
To prevent ransomware infections, users should use a security solution with multi-layered anti-ransomware defense, back up their data regularly, and avoid opening attachments of unknown emails, according to Bitdefender security specialists.
Bitdefender and the authorities advise victims not to pay the demands of the Ransomware operators in general. Instead, they should secure the encrypted information and notify the police. Current information on GandCrab and other threats can be found on the Bitdefender Labs blog.