Security experts finally defeated the GandCrab encryption

On the portal No More Ransom arrived decryptor to the latest version of GandCrab ransomware The utility can save from data destruction many thousands users who have suffered from attacks of the coder.

Representatives of Europol reported the appearance of a new decryptor on its website. They thanked for the help in the development of law enforcement services of nine countries, including the UK, Germany and the United States, as well as Bitdefender information security company.

Program works with GandCrab 1, 4 and all versions of the 5th version, including the newest 5.2, which came out simultaneously with the decryptor of the previous generation.

According to Europol, since the first antidote to the GandCrab appeared, it was possible to recover data of more than 30 thousand users. As a result, ransomware victims were able to save about $50 million.

“The most important thing is that united efforts of [experts from the project No More Ransom] have weakened the market position of the malware operators. In the end, this led to their decline and allowed law enforcement agencies to stop malicious activity”, – said law enforcement officials.

The creators of GandCrab announced the cessation of activity in early June 2019. According to the criminals, a year and a half of malware campaigns brought them a substantial profit, and now they expect to go into a legal business.

Attackers that supported the online portal for renting GandCrab gave their counterparties a month to withdraw funds. During the same time, the ransomware victims were recommended to pay the ransom – after a month, the criminals promised to remove all encryption keys, making it impossible to return the lost data.

Now users do not have to make a deal with fraudsters. Nevertheless, experts warn that a malicious person can still create serious problems, since even a temporary loss of access to critical data entails losses.

“Despite the end of GandCrab, ransomware remains a large threat to organisations, with several high-profile attacks in recent months highlighting the danger posed”, – remind in Europol.

The best cure against ransomware remains diligent prevention. Users are strongly advised to:

  • always keep a copy of their most important files somewhere else: in the cloud, on another drive, on a memory stick, or on another computer;
  • use reliable and up-to-date anti-virus software;
  • not download programs from suspicious sources;
  • not open attachments in emails from unknown senders, even if they look important and credible;
  • don’t pay the ransom if you are a ransomware victim!


About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

MageCart on the Heroku Cloud Platform

Researchers Found Several MageCart Web Skimmers On Heroku Cloud Platform

Researchers at Malwarebytes reported about finding several MageCart web skimmers on the Heroku cloud platform …

Android Spyware CallerSpy

CallerSpy spyware masks as an Android chat application

Trend Micro experts discovered the malware CallerSpy, which masks as an Android chat application and, …

Leave a Reply