New data recovery kit added to the No More Ransom project repository
UPDATE (31/10) Bitdefender, the cybersecurity firm that has been actively working with Europol on the GandCrab data recovery kit, has announced that more than 1,700 successful decryptions were registered “within hours” of its launch, saving victims from paying a cumulative $1 million. More details here.
Victims of the GandCrab ransomware can now recover their files without giving into the demands of criminals thanks to a new, free-to-use decryption tool.
A data recovery kit has been added to the No More Ransom project repository, allowing victims to retrieve files that have been encrypted by GandCrab v1, v4, and v5.
According to Europol, the tool has been developed by the Romanian Police in collaboration with law enforcement across Europe and the US, along with security firm Bitdefender.
“It is the most comprehensive decryption tool available to date for this particular ransomware family,” Europol said. “It works for all but two existing versions of the malware, regardless of the victim’s geographical location.”
Earlier today, Bitdefender said more than 100 GandCrab ransomware victims successfully recovered their data within an hour of the tool’s launch.
Evolving framework
First discovered in January, GandCrab is thought to have infected nearly 500,000 devices.
Once the malware takes over a victim’s computer and encrypts its files, it demands ransoms ranging from $300 to $6,000.
GandCrab earned a special mention in Malwarebytes’ recent third-quarter threat report, with the company noting that new versions of the ransomware had been in development throughout the year.
No More Ransom’s data recovery tool has been launched a week after the criminal group behind GandCrab made public decryption keys aimed at allowing a limited pool of victims in Syria to recover their files.
Although the new toolkit represents a small victory for the security industry, Europol warned that the malware’s architects may continue to release new versions of GandCrab, complete with new measures that could render this latest decryption tool obsolete.