Bitdefender releases a free GandCrab decryption tool

Experts cracked GandCrab ransomware that reigned since the beginning of 2018

Good news for those who cannot access their files due to the infamous GandCrab ransomware^[1] attack. It took almost two months for Bitdefender, one of the leading global cybersecurity technology companies, to reveal a free Gandcrab ransomware decryptor.^[2]

Led by Bitdefender, a group of Romanian Police, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol initiated an operation against GandCrab ransomware and eventually released a free decryptor as a part of No More Ransom^[3] project.

Since the January of 2018 GandCrab attacked PC via malspam campaigns, malicious online ads, and combination of two exploit kits. In less than two months, it struck more than 53,000 computers and stolen hundreds of thousands of personal files. It's not yet clear how much money extortionists earned. However, having in mind that GandCrab ransomware functions as a Ransomware-as-a-Service (RaaS)^[4] and demands for 1200 USD in Dash coins from each victim allow assuming that the income exceeds 600,000 USD:

GandCrab infections have reached up to an exorbitant $600,000+, orders of magnitude higher than is common in ransomware scams. Ransomware scammers more typically demand between $300 and $500.

Europol^[5] describes GandCrab as “one of the most aggressive forms of ransomware so far this year,” while Catalin Cosoi, a senior director of investigation at Bitdefender, refers to it as “one of the highest bidders.” Thus, the release of a free GandCrab decryptor is a big day for many.

The question can a free GandCrab decryption tool unlock files or not is still disputable

All volunteers can download a free GandCrab decryption tool from No More Ransom initiative at nomoreransom.org or the official Bitdefender's website.

The tool is for free, so it's definitely worth a try. However, people on social media is making a fuss about the decryptor, which turns out to be non-effective. According to MalwareHunterTeam,^[6] the tool failed to decrypt two GandCrab versions, including gandcrab 2.3.1r.

However, there's one essential condition to run a free GandCrab decryptor successfully:

The decryption tool attempts to decrypt five random files in the provided path and will NOT continue if the test is not successful. If you test the tool against a limited number of files make sure that you have AT LEAST 5 samples in the folder.

That's the reason why the decryptor may fail to work. In this case, you should test it on a folder, which contains more than five files appended with .GDCB file extension. In case decryption fails to work anyway, you can try alternative methods listed here.

GandCrab developers won't stop the attacks

Even though security experts surmounted the GandCrab developers who already confirmed that they were hacked and released decryption keys, experts presume that it's not the end.

Domain Killswitch points out to the lack of information regarding cybersecurity and tools like free ransomware decryptors. It's important to stress the fact that crypto-extortionists do not seek to attack tech-savvy people. He points out that the “visibility of these type of decryption tools outside of the tech and specifically infosec community is quite low.”

Therefore, the number of GandCrab virus attacks might decrease, though is not expected to break off completely. It's very important to spread the news about available free decryption utilities and other security news, which might help thousands of people to avoid inconveniences and serious problems.