Researchers have released an updated decryptor that allows victims of GandCrab ransomware version 5.1 to recover their affected files for free.

On 19 February, Bitdefender announced that they had developed the decryptor in collaboration with the Romanian police, Europol and other law enforcement entities. This new utility builds upon the work of two previous tools released by the Romanian digital security and anti-virus firm, including one issued in October 2018 which targets versions 1, 4, 5 and 5.03 of the digital threat. As a result, victims of GandCrab versions 1 through 5.1 can now recover their files without having to pay.

So far, Bitdefender’s decryptors have helped 10,000 victims recover their files, thereby sparing them an estimated $5 million in ransom fees.

Successful GandCrab decryptions per country. (Source: Bitdefender)

Bitdefender decided to release its first decryptor shortly after GandCrab began spiking in activity around January 2018. Since that time, the crypto-malware has become one of the best-known ransomware families in existence today. It has earned this notoriety by inflicting hundreds of millions of dollars in losses on its victims.

In the process, GandCrab has resorted to various distribution methods. Some versions have relied on social engineering attacks like sextortion scams to prey upon users, while more recent variants have begun abusing exposed Remote Desktop Protocol instances to infiltrate organizations. Some of the newest versions have even begun leveraging vulnerabilities that affect IT support software for distribution.

Given this ongoing evolution, Bitdefender realizes that its fight against GandCrab doesn’t end with the release of this latest decryptor. Bogdan Botezatu, senior e-threat analyst at the digital security company, said as much in a blog post:

“While this is the third time we have defeated GandCrab encryption in the past year, our celebration will be short-lived. We’ll be back to work tomorrow, as GandCrab operators will no doubt change tactics and techniques.”

Bitdefender is therefore urging users and organizations alike to prevent a GandCrab infection in the first place. Specifically, it suggests that users verify that an up-to-date security solution is running on their machines. It also emphasizes the importance of applying OS patches on a regular basis and of verifying that a robust data backup strategy is in place.

Additional ransomware prevention tips are available here.