Today Europol’s No More Ransom depository has released a new decryption tool for the latest strand of GandCrab, one of the world’s most prolific ransomwares.
The tool has been developed by the Romanian Police in close collaboration with Bitdefender and Europol, with support from law enforcement authorities in Austria, Belgium, Cyprus, Germany, Italy, the Netherlands, UK, Canada and US FBI.
In addition to versions 1, 4 and early versions of 5, the new tool resolves infections with version 5.0.4 through to 5.1 – the latest version.
GandCrab was the main strain of ransomware used in 2018, having infected over half a million victims since it was first detected in January last year. Earlier tools from NoMoreRansom for the ransomware have helped close to 10 000 victims retrieve their encrypted files, saving them some £4 million in ransomware payment. The GandCrab criminals have since released new versions of the file-encrypting malware, all of which are covered by the tool released today.
In a press statement co-creators Bitdefender commented: "Last year, some GandCrab affiliates started attacking organisations via exposed Remote Desktop Protocol instances or by directly logging in with stolen domain credentials. After authenticating on a compromised PC, attackers manually run the ransomware and instruct it to spread across an entire network. Once the network is infected, the attackers erase their traces and then contact the victim with a decryption offer.
"As of late 2018 and early 2019, GandCrab has radically transformed its spreading mechanism, affiliation opportunities, and improved its resilience against most cyber-security solutions.
"To prevent ransomware infections, users should implement a security solution with layered anti-ransomware defenses, regularly back up their data and avoid opening attachments delivered with unsolicited messages.
"Bitdefender and its partner law enforcement agencies advise victims to not give in to the demands of ransomware operators. Instead, they should back up the encrypted information and notify police immediately."