GandCrab has become one of the most devastating, and hence most successful, ransomware families of 2018. Alongside the Dharma cryptovirus family, GandCrab has enslaved the files of millions of users in a number of active campaigns via several iterations. This is the list of all the versions of the ransomware:
Fortunately for all the victims, GandCrab’s story is coming to an end – Bitdefender researchers have come up with a free decryption tool that uses an RSA-2048 private key. The tool recovers files affected by GandCrab ransomware. Such files can be recognized by the extensions the ransomware appends to compromised files as well as via the ransom note.
As noted by the researchers, for this solution to work, you should have at least one ransom note on your computer. This ransom note is required to recover the decryption key, meaning that you should not deploy a clean-up program, since such programs typically detect and remove these notes. Specific instructions on how to decrypt files encrypted by GandCrab for free are also available.
The news about the free decryptor arrives shortly after the ransomware authors released decryption keys specifically for citizens of Syria. This occurred after a Syrian victim asked for help with the recovery of his encrypted data in a tweet. Photographs of his deceased children, casualties of the civil war in Syria, were among the files affected by the ransomware. Eventually, GandCrab’s operators noticed the tweet and responded with a post on a forum, which stated that keys (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/files-encrypted-by-gandcrab-ransomware-can-now-be-decrypted-for-free/