As of today, a new decryption tool for victims of the GandCrab ransomware is available on www.nomoreransom.org. This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol.
First detected one month ago, GandCrab has already made 50 000 victims worldwide, a vast number of which in Europe, making it one of the most aggressive forms of ransomware so far this year.
GandCrab spreads through malicious advertisements published on compromised websites or through fictitious invoices sent as attachments in emails. Once installed upon a victim’s computer, the ransomware encrypts the files on the infected system, offering a decryption key in return for a ransom payment of USD 300 – 500 in the DASH virtual currency.
A first for ransomware is the use of DASH for payment as most file encrypting ransomware families use Bitcoin or Monero as the ransom payment method. This ransomware is also run as an affiliate program (ransomware-as-a-service), in which affiliates distribute the ransomware, while the GandCrab developers earn a commission from each ransom payment.
Thanks to the efforts of the Romanian authorities, Bitdefender and Europol, the tool is available for free on No More Ransom and on Bitdefender’s webpage. It works for all known versions of the GandCrab ransomware family. The release of this new tool is yet another example of the effectiveness of public - private partnerships like No More Ransom, an initiative which now encompasses 120 partners, the Romanian Police most recently joining as an associate partner.
To prevent infection with ransomware, users are advised to keep back-ups of important data, use a security solution, and avoid accessing links or files from unsolicited emails. Find more information and prevention tips on www.nomoreransom.org