Decryptor Now Available for Files Affected by GandCrab Ransomware v5.1
Researchers have released an updated decryptor that allows victims of GandCrab ransomware version 5.1 to recover their affected files for free.
On 19 February, Bitdefender announced that they had developed the decryptor in collaboration with the Romanian police, Europol and other law enforcement entities. This new utility builds upon the work of two previous tools released by the Romanian digital security and anti-virus firm, including one issued in October 2018 which targets versions 1, 4, 5 and 5.03 of the digital threat. As a result, victims of GandCrab versions 1 through 5.1 can now recover their files without having to pay.
So far, Bitdefender’s decryptors have helped 10,000 victims recover their files, thereby sparing them an estimated $5 million in ransom fees.
Bitdefender decided to release its first decryptor shortly after GandCrab began spiking in activity around January 2018. Since that time, the crypto-malware has become one of the most well-known ransomware families in existence today. It’s earned this notoriety by inflicting hundreds of millions of dollars in losses onto its victims.
In the process, GandCrab has resorted to various distribution methods. Some versions have relied on social engineering attacks like sextortion scams to prey upon users, while more recent variants have begun abusing exposed Remote Desktop Protocol instances to infiltrate organizations. Some of the newest versions have even begun leveraging vulnerabilities that affect IT support software for distribution.
Given this ongoing evolution, Bitdefender realizes that its fight against GandCrab doesn’t end with the release of this latest decryptor. Bogdan Botezatu, senior e-threat analyst at the digital security company, said as much in a blog post:
While this is the third time we have defeated GandCrab encryption in the past year, our celebration will be short-lived. We’ll be back (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/decryptor-now-available-for-files-affected-by-gandcrab-ransomware-v5-1/