Bitdefender released an updated GandCrab decryptor

[German]Antivirus vendor Bitdefender has released an updated version of its decryption tool for the malware GandGrab. Helps to get encrypted data back if necessary.


Advertising


Ransomware/Trojan GandCrab

I had reported about this Ransomware in my blog. The blackmail Trojan GandCrab was still widely distributed in email campaigns in the last weeks. Cyber criminals try to send the Gandcrab Trojan to their victims via fake application emails. If a victim falls for it, the GandCrab Ransomware encrypts all data on the infected computer and replaces the desktop background with a message with the ransom demand

KRITIS-Netzwerk
(Source: Pexels Markus Spiske CC0 Lizenz)

Only if the victim pays ransom does he get a key to get back to his data. It was known that the backers of the campaigns are successful and infect many computers. A few days ago, the developers of this ransomware announced that they would retire. After this exit, victims can no longer return the data after paying a ransom. I had reported in the post GandCrab ransomware: They say, they are retiring about that.

Bitdefender has released an updated Decryptor

Now the antivirus vendor Bitdefender has released a new version of its decryption software for the Ransomware GrandCrab. The free tool was provided in cooperation with Europol, the Romanian police, DIICOT, the FBI, NCA, the Metropolitan Police as well as the police in France, Bulgaria and other law enforcement agencies. It counteracts and neutralizes the latest versions of GandCrab. GandCrab is one of the most productive families of file encryption malware to date.

The new tool enables affected parties to recover encrypted information without having to pay horrendous millions in ransom to hackers. Now data encrypted by versions 1, 4 and 5 of the GandCrab malware can be decoded. The decryption tools for GandCrab released until now by Bitdefender and partner agencies have helped over 30,000 victims to recover encrypted data, saving more than $50 million in no ransom.


Advertising

GandCrab has been very active since January 2018, reaching a Ransomware “market share” of over 50 percent in just a few months through August 2018. The blackmailer software works according to an “affiliate model”: the developers make the malware available to interested parties as a service and receive part of the profit in return.

The operators of GandCrab stated that they had extorted more than two billion US dollars from their victims. The joint countermeasures taken by Bitdefender and the law enforcement authorities have significantly weakened the operators’ position in the market, for example by criminal partners suspecting the ransomware service and shutting it down.

“Our efforts to provide decryption tools for the victims of GandCrab have weakened the criminal operators into abandoning their funding model,” said Bitdefender representatives. “This has created confidence among new victims, who would rather wait for a decryption update than give in to ransom demands from criminals.

To prevent ransomware infections, users should implement a security solution with multi-layered anti-ransomware defense, back up their data regularly, and never open even a hint of suspicious attachments.

The decryption tool for GandCrab is available free of charge on the websites of Bitdefender Labs or the No More Ransom Project.

Ähnliche Artikel:
GandCrab geht in Rente – fette Beute für den Entwickler
Hacker scannen MySQL-Server und verteilen GandGrab
Vorsicht: Gandcrab-Trojaner kommt in Bewerbungsmails


Advertising


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

1 Response to Bitdefender released an updated GandCrab decryptor

  1. EP says:

    speaking of Bitdefender, though this may not be related to the original topic, but Bitdefender does not seem to play well with Windows 10 v1903 as noted in this recent Askwoody post:

    https://www.askwoody.com/forums/topic/bitdefender-vs-windows-10-version-1903/

Leave a Reply

Your email address will not be published. Required fields are marked *