GandCrab has had more than 50,000 victims in less than one month but, as of today, there is a free tool provided by Bitdefender, the Romanian Police, the Directorate for Investigating Organised Crime and Terrorism (DIICOT) and Europol.
It works for all known versions of GandCrab and is now ready for download on www.nomoreransom.org, an online portal available in 28 languages, and in the ransomware decryption tools section on labs.bitdefender.com. The tool was released by the Romanian Police (IGPR) under the General Prosecutor's Office' (DIICOT) supervision, and in collaboration with Europol and internet security company Bitdefender.
The number of victims GandCrab make it is one of the most aggressive forms of ransomware so far this year. The ransomware spreads through malicious advertisements published on compromised websites or through fictitious invoices sent as attachments in emails. Once installed on a computer, the files on the infected system are encrypted by the ransomware, offering a decryption key in return for a ransom payment of US$ 300 – 500 (£217 - £362) in the DASH virtual currency.
This is a first for ransomware in asking for DASH as payment because usually hackers ask for Bitcoin or Monero. This ransomware is also run as an affiliate programme (ransomware-as-a-service), in which affiliates distribute the ransomware, while the GandCrab developers earn a commission from each ransom payment.
The tool on No More Ransom is free thanks to the Romanian authorities, BitDefender and Europol and works on all types of GandCrab ransomware.