Bitdefender released a decryption tool for recent versions of GandCrab, the world’s most prolific ransomware.
Developed in close partnership with Europol and the Romanian Police, and with support from the FBI and other law enforcement agencies, the tool lets victims around the world retrieve their encrypted information without paying tens of millions of dollars in ransom to hackers.
The new tool can now decrypt data ransomed by versions 1, 4 and 5 of the GandCrab malware, as well as all versions of the ransomware for a limited set of victims in Syria.
More information on GandCrab and the decryption tool can be downloaded from Bitdefender Labs or the No More Ransom website – a joint project between the National Dutch Police and Europol to combat ransomware at the European Union level.
“The release of this decryption tool is a spectacular breakthrough that highlights the effectiveness of collaboration between security vendors and law enforcement agencies,” said a Bitdefender spokesperson. “We have spent months on crypto-research and deployed considerable infrastructure to make this possible and help victims regain control of their digital lives at no cost.”
GandCrab has been highly active since January, operating on an affiliate model. Its developers make the malware available as a service to interested parties in return for a share of the profits. This ransomware family spreads via multiple attack vectors, such as spam email, exploit kits and affiliated malware campaigns.
In 2018, GandCrab has undergone several makeovers, particularly after Bitdefender released the v.1 decryption tool also developed collaboratively with local and international law enforcement agencies.