Most GandCrab Ransomware Victims Can Now Recover Their Files for Free

Businesses and home users affected by the latest versions of GandCrab ransomware can now recover their locked files for free, thanks to a new decryption tool developed by researchers from antivirus vendor Bitdefender in collaboration with the Romanian Police, Europol and law enforcement agencies from Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom and United States.

The decryptor is available on NoMoreRansom.org, a website set up by the Dutch National High Tech Crime Unit and Europol that hosts file recovery tools for many ransomware families.

The new BDGandCrabDecryptTool works for versions 1, 4 and 5 of GandCrab, and the how-to guide accompanying it explains how to identify which version of the malware was used to lock the data, based on the extension appended to encrypted files and the ransom note left behind.

GandCrab is available to all cybercriminals based on a malware-as-a-service model, making it one of the most aggressive ransomware threats currently in the wild. Inexperienced cybercriminals can use the GandCrab toolkit to launch attacks of their own if they agree to pay a 30 percent cut to the ransomware’s creators.

GandCrab first appeared in January, and the first version was quickly defeated by researchers, who released a decryptor for it in February. However, the malware’s creators didn’t give up and have continued to improve their creation since then; the ransomware program has now reached version 5.

According to Europol, GandCrab has infected nearly half a million victims since it was launched. With ransom demands ranging between $300 and $6,000 in cryptocurrency, its developers have likely extorted a lot of money from consumers, businesses, schools and government organizations.

Even with the new decryption tool being available, GandCrab is likely to evolve and continue attacking users, at least until its authors are identified and arrested.

“In order to further maximise the profits, the GandCrab developers are also partnering up with other services in the cybercrime supply chain, enabling different criminal groups to practice their core competencies while working together to earn more illicit profits than they would be able to gather working individually,” Europol said in a press release.

Cathay Pacific Hack Exposes 9 Million-Plus Passenger Records

Hong Kong’s Cathay Pacific Airways, one of the largest airlines in Asia, suffered a data breach that resulted in the personal details of around 9.4 million customers being compromised.

The breach happened in March and was discovered in May, but the company only recently made the details public. The types of information exposed included passenger names, nationalities, dates of birth, telephone numbers, email addresses, physical addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service remarks and historical travel information.

The information accessed by the hackers varied from passenger to passenger, which is why only 860,000 passport numbers and approximately 245,000 Hong Kong identity card numbers were compromised. The data also included 403 expired credit card numbers and 27 credit card numbers with no security code.

“The Cathay Pacific breach is a clear indication that the airline industry has a target on its back, given that British Airways and Air Canada have also been in the news in recent months for material breaches of customer data and personal information,” said Sam Curry, chief security officer at Cybereason, via email. “Passengers that travel with Cathay should assume their personal information has already been stolen many times over and it is unfortunately the reality facing billions of people in the connected world we live in.”

British Airways, which disclosed a data breach in September that exposed data from 380,000 payment card transactions, announced this week that it discovered another, earlier security incident that affected an additional 180,000 cards.

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, and his work has appeared in many technology publications, including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42