A new tool to remove GandCrab ransomware encryption

The latest version of the tool is functional for those who suffered ransomware infections between November 2018 and February 2019

Network security and ethical hacking specialists from the International Institute of Cyber Security report the launching of a new version of the tool to remove the encryption generated by the GandCrab ransomware (versions 5.04 to 5.1). These versions have been detected recently, infecting thousands of victims since the end of 2018 until now.

The previous version of GandCrab Decryption, launched in February 2018 and updated in October of the same year, was functional to eliminate the encryption of GandCrab ransomware versions 1.x, 4.x, up to 5.0.0. In other words, this tool is useful against most versions of the ransomware, except 2.x and 3.x, the less common variants of this malware.

The tool could not appear at a better time, consider specialists in network security. GandCrab has recently been detected at the core of several spam campaigns, including some targeted attacks. “We believe that GandCrab is the most important cyber threat currently. This ransomware must gather around 40% of the ransomware market”, the experts mentioned. 

In the most recent campaign of attacks, ransomware operators have managed to access networks of some remote IT support firms, infecting workstations of clients of these companies through remote management tools used regularly by this kind of companies.

However, thanks to this new development, the victims will be able to recover their files without having to negotiate a payment with the malware operators.

Network security specialists estimate that this tool to eliminate the encryption of GandCrab ransomware has been used by over 10k victims, which means cutting an income of more than $5M USD for campaign operators. Campaign operators are expected to launch an updated version of the ransomware, able to bypass the features of the new tool.

The hackers behind the ransomware GandCrab continue to operate in freedom, offering access to this malicious software through various hacking forums, mainly in Russian language.

The best way to protect you against any threat from ransomware is to create physical and cloud security backups; if an infection with encryption malware is present, organizations can use their backups if the anti-encryption tools are not functional. 

It is also advisable to create backup copies of encrypted files in case one of the tools developed against the ransomware is functional for that specific variant.

Interested users can download Bitdefender GandCrab Decryption here.