Bitdefender, Europol, Romanian Police, and Other Law Enforcement Release New Decryption Tool for Latest GandCrab Ransomware

February 2019


The new decryption tool allows victims to regain access to their own data without paying a ransom to cyber-criminals. In addition to versions 1, 4, and early versions of 5, the new tool now addresses infections with versions 5.0.4 through 5.1 – the latest used by cyber-criminals in attacks.

Bitdefender, Europol, the Romanian Police and other law enforcement institutions are offering a new version of the free decryption tool to counter the latest versions of GandCrab – one of the most prolific families of file-encrypting malware to date.

The previous tool has already been downloaded over 400,000 times, helping nearly 10,000 victims save more than $5 million in decryption fees. Since its emergence in January 2018, GandCrab has inflicted hundreds of millions of dollars in losses globally.

“Although we expect ransomware operators will continue offering new and more dangerous versions of GandCrab, we will continue our commitment to helping users regain control of their digital lives and denying profits to attackers,” said Bitdefender representatives. “Collaboration between major cyber-security solution providers and law enforcement agencies has made this breakthrough possible and tens of thousands of victims will now be able to decrypt their data at no cost.”

The GandCrab ransomware family has been extremely active in the past year, surpassing other ransomware families in popularity and virality.

Last year, some GandCrab affiliates started attacking organisations via exposed Remote Desktop Protocol instances or by directly logging in with stolen domain credentials. After authenticating on a compromised PC, attackers manually run the ransomware and instruct it to spread across an entire network. Once the network is infected, the attackers erase their traces and then contact the victim with a decryption offer.

As of late 2018 and early 2019, GandCrab has radically transformed its spreading mechanism and affiliation opportunities, and has improved its resilience against most cyber-security solutions.

To prevent ransomware infections, users should implement a security solution with layered anti-ransomware defenses, regularly back up their data, and avoid opening attachments delivered with unsolicited messages.

Bitdefender and its partner law enforcement agencies advise victims to not give in to the demands of ransomware operators. Instead, they should back up the encrypted information and notify police immediately.

The new decryption tool is available immediately and can be downloaded for free on Bitdefender Labs and the No More Ransom Project.