The files encrypted by the GandCrab ransomware can be recovered - decryptor available

Law enforcement cooperation with Europol, the Romanian police, and the Bitdefender antivirus company has resulted in the development of a tool to decrypt files after GandCrab ransomware infection. Individuals whose files have been encrypted can download the Bitdefender GandCrab Decryptor tool and decrypt the data for free.

GandCrab Ransomware

The program is available for download on this website . After its launch, it is possible to scan the whole disk for encrypted files (" Scan entire system " option) or to select a specific directory (" Browse ").

GandCrab Ransomware

The GandCrab Ransomware, when it appeared in January 2018, demanded from $ 300 to $ 500 in the DASH cryptographic to decrypt the files. Activities of Bitdefender, Europol , Police from Romania , as well as the Unit for Fighting Organized Crime and Terrorism (DIICOT), led to obtaining decryption keys that were used to develop a tool that would decrypt files that were encrypted by known GrandCrab ransomware variants . It is estimated that GandCrab ransomware could have encrypted over 50,000 computers.

GandCrab Ransomware

Technical analysis of GandCrab ransomware was described by Malwarebytes employees on his blog . From the information provided, we learn that the malware was spread by the KIT - RIG exploit. It is a popular tool for carrying out, among others automated attacks, including drive-by downloads, which do not require any interaction from the victim (they exploit vulnerabilities in the browser or installed extensions). For this reason, we encourage readers to use protection that scans websites already in the browser, as well as read our test against drive-by downloads , where in addition to the results of antivirus protection, we explain step by step how to conduct these types of attacks. People interested in free protection should become familiar with our ranking of recommended free protection programs for 2018 .

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.