Skip to content ↓ | Skip to navigation ↓

GandCrab has become one of the most devastating, and hence most successful, ransomware families of 2018. Alongside the Dharma cryptovirus family, GandCrab has enslaved the files of millions of users in a number of active campaigns via several iterations. This is the list of all the versions of the ransomware:

GandCrab Decryption Tool Now Available

Fortunately for all the victims, GandCrab’s story is coming to an end – BitDefender researchers have come up with a free decryption tool that uses an RSA-2048 private key. The tool recovers files affected by GandCrab ransomware. Such files can be recognized by the extensions the ransomware appends to compromised files as well as via the ransom note.

As noted by the researchers, for this solution to work, you should have at least one ransom note on your computer. This ransom note is required to recover the decryption key, meaning that you should not deploy a clean-up program which typically detects and removes these notes. Specific instructions on how to decrypt files encrypted by Gandcrab for free are also available.

GandCrab Decryptor Comes After Keys for Syrian Citizens Were Released

The news about the free decryptor arrives shortly after the ransomware authors released decryption keys specifically for citizens of Syria. This occurred after a Syrian victim asked for help with the recovery of his encrypted data in a tweet. Photographs of his deceased children, casualties of the civil war in Syria, were among the files affected by the ransomware. Eventually, GandCrab’s operators noticed the tweet and responded with a post on a forum, which stated that keys for all Syrian victims had been released. They also said that it was mistake not to add Syria to the exclusion list. Exclusion lists include countries which are not targeted by the specific ransomware, and even in cases when the ransomware is downloaded, no harm will happen.

As for GandCrab’s decryptor, keep in mind that the tool will first try to decrypt five files, and if the attempt is not successful, it will not continue. Nonetheless, this probability is very small, the researchers say. BitDefender also encourages users to give feedback. Users who experience difficulties should contact them on


Milena DimitrovaAbout the Author: Milena Dimitrova is an inspired writer for who enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malicious software, she strongly believes that passwords should be changed more often than opinions. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.