The purportedly final version of GandCrab ransomware can now be neutralized with a new decryption tool, made available to the public.
This latest decryptor is effective against versions 1, 4 and 5.x up through 5.2. Version 5.2 is the last iteration created by the prolific ransomware’s developers before they announced on a dark web forum this past May 31 that they would retire within a month, at which point they would delete their decryptor keys.
The new tool is the result of a collaborative effort between researchers at Bitdefender, the FBI, Europol and its Joint Cybercrime Action taskforce, and other law enforcement agencies from Austria, Belgium, Bulgaria, France, Germany, the Netherlands, Romania, and the U.K.
Bitdefender and law enforcement officials have tag-teamed on multiple GandCrab decryptors that the cyber company says have resulted in more than 30,000 successful file and system restorations, saving victims around $50 million in ransom payments. “Most importantly, it helped us weaken the ransomware operators by cutting off their monetization mechanisms and establishing a positive mindset among new victims, who would rather wait for a new decryptor than give in to hackers’ ransom demands,” wrote Bogdan Botezatu, director of research and reporting, in a company blog post.
Still, GandCrab has done its share of damage since the ransomware-as-a-service offering debuted roughly a year and a half ago. Its developers claimed in their retirement announcement that they extorted over $2 billion from infected parties. Both Bitdefender and Europe estimate that the cybercriminals have claimed more than 1.5 million victims around the world.