Free decryption tool could save victims millions in ransomware payments

A new decryption tool has been released for free on the No More Ransom depository for the latest strand of GandCrab.

This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada and US FBI.

In addition to versions 1, 4 and early versions of 5, the new tool resolves infections with version 5.0.4 through 5.1 – the latest version developed by the cybercriminals.

Why the fuss?

GandCrab has surpassed all other strains of ransomware in 2018, having infected over half a million victims since it was first detected in January last year.

Back in October, a decryption tool was made available covering all but two versions of the then existing versions of the malware. This tool followed an earlier release back in February. Downloaded more than 400 000 times so far, these two tools have helped close to 10 000 victims retrieve their encrypted files, saving them some USD 5 million in ransomware payment.

The GandCrab criminals have since released new versions of the file-encrypting malware, all of which are covered by the tool.

The best cure against ransomware remains diligent prevention. Users are strongly advised to use a security solution with layered anti-ransomware defences, regularly back up their data and avoid opening attachments delivered with unsolicited messages.