In case you missed it, the developers of the GandCrab malware have announced that they are retiring. Shortly afterwards, security researchers released a new tool that nullifies the effects of all versions of the ransomware.
They have released a new decryption tool that helps victims retrieve their locked files for free. The tool has been a collective effort by Europol, FBI, Bitdefender and others.
The latest versions of the file-locking malware are GandCrab 5.0 to 5.2. These two latest versions, as well as the older versions, can now be unlocked, which is good news for affected users.
It has been estimated that approximately 1.5 million Windows users have been affected since the ransomware was discovered in January 2018. Both home and business networks have been compromised by the attacks, and Europol has described it as “one of the most aggressive forms of ransomware”.
Interestingly enough, the cyber crooks claim that they have been paid approximately $2 billion by victims who were desperate enough to pay for the decryption key to get their files back. It might be an exaggerated figure, but they have surely reaped a huge amount in payments.
Ransomware has been a growing business because cyber crooks are able to purchase ready-made kits that make these attacks possible, in exchange for 40% of the profits going to the malware developers. At one point in time, GandCrab accounted for over half of all computers reported as infected.
A few decryption tools had previously been released, which helped roughly 30,000 victims and prevented more than $50 million from being paid to the cyber criminals.
The latest decryption tool has been released by Bitdefender in collaboration with Europol, the Romanian Police, DIICOT, the FBI, the UK’s National Crime Agency and the Metropolitan Police, together with police forces all across Europe.
The latest tool is available for download from the websites of Bitdefender and the No More Ransom Project. For those who are not aware of it, the No More Ransom Project is a collective of governments, law enforcement agencies and cybersecurity firms that develops decryption tools specifically designed to fix different types of ransomware infections.
Although some malware affiliates still distribute GandCrab, they will not be making any money since files can now be decrypted for free. This would still be an inconvenience for their victims. However, victims who still make the wrong choice of paying will not get their files back and just end up wasting money.
The GandCrab team has stopped affiliates from acquiring new versions of the malware and has urged them to prepare for operations to shut down. Once the operation has ceased, all of the keys will eventually be deleted, making the files unretrievable even if victims pay up.
Even with GandCrab going down, there is still a ton of ransomware that poses a large threat to computer users.
To prevent infection in the first place, applications and software should be patched to the latest versions so that vulnerabilities cannot be exploited. Backup solutions should also be in place so that files can easily be restored in the event a machine does get infected.
According to cyber security experts, if your computers get infected, DO NOT PAY the ransomware developers. Just make sure you have up-to-date backup copies so you can restore them in case something goes wrong. Paying would not do you any good, since it funds their cyber crime gigs and in turn makes you a target in the future.