Bitdefender and ESET have each published a Gandcrab ransomware decryptor with particular attention paid to Syrians victims.
Bitdefender said its tool can decrypt data encrypted by Gandcrab versions 1, 4 and 5 and for all versions for victims located in Syria. The tool can be downloaded here.
Bitdefender stated it worked with Europol, Romanian Police and the FBI to develop its decryptor.
ESET’s decryptor is based on keys released by Gandcrab’s creators who released it in response to a plea from a Syrian victim who claimed the ransomware locked up his computer, which contained the only photos he had of his two sons who were killed in the Syrian civil war.
ESET estimates there are 979 Syrian victims. Its decryptor can be downloaded here.
First disclosed by researcher David Montenegro, who discovered it, GandCrab displays a ransom note that states "Welcome! We are regret, but all your files was encrypted!" The ransomware also allows victims to test-decrypt one chosen file from their PCs, as proof of legitimacy.
This article was first published in SC Media US.