GandCrab Authors Release Decryption Keys for Syrian Citizens

The authors of the GandCrab ransomware have released decryption keys for citizens of Syria.

The public release of these decryption keys was prompted by a tweet from a Syrian victim. He asked for help recovering his encrypted files, among which were photographs of his deceased children, who were casualties of the civil war in Syria.

After a little while, the cybercriminals behind the GandCrab ransomware noticed the tweet and responded with a post of their own on a forum. The post states that they have released the keys for all victims of Syrian origin.

In addition to that announcement, they explained that it was a mistake for Syria not to have been added to the exclusion list in the first place. If a country is on that exclusion list, its people won’t get their files encrypted by GandCrab ransomware, even if they download it to their computer systems. Interestingly enough, the message from the developers of GandCrab did not specify whether Syria will be added to the exclusion list in the future.

Inside the post, there is a link to an archive that contains the released decryption keys for Syrian victims. The archive is a .zip file containing two files, readme.txt and SY_keys.txt.

The readme.txt file explains how the key file is organized and why the keys were released. The contents of these files are in Russian, so a machine translation is shown below:

id – ver –

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum, authored by Tsetso Mihailov.