Bitdefender Releases FREE GandCrab Ransomware Decryption Tool


The latest ransomware kicking everyone’s ass is Gandcrab which has infected an estimated 50,000 computers, fortunately for the victims, Bitdefender has released a free Gandcrab ransomware decryption tool as a part of the No More Ransom Project.

Bitdefender Releases FREE GandCrab Ransomware Decryption Tool


There’s nothing particularly notable about the ransomware itself other than it combines two existing exploit kits to compromise people and it takes payment in Dash, which is a privacy coin, rather than Bitcoin (which is a first as far as I know).

White hats have released a free decryption tool for GandCrab ransomware, preventing the nasty spreaders of the DIY malware from asking their victims for money.

GandCrab has been spreading since January 2018 via malicious advertisements that lead to the RIG exploit kit landing pages or via crafted email messages impersonating other senders, infecting an estimated 53,000 computers in the process.

In exchange for the decryptor, the crooks behind GandCrab ask for a ransom of anywhere between hundreds and hundreds of thousands of dollars in DASH, a crypto-currency that has just made its debut in cybercrime. The developers of GandCrab use a ransomware-as-a-service business model that allows people with little technical skill to get a piece of the action.


The ransomware itself is spreading via malicious adverts and landing pages with Rig Exploit Kit combined with phishing style e-mails copying receipts from popular e-commerce services.

You can find the Gandcrab decryption tool here:

GandCrab Ransomware decryption tool

Ransomware demands tied to GandCrab infections have reached up to an exorbitant $600,000+, orders of magnitude higher than is common in ransomware scams. Ransomware scammers more typically demand between $300 and $500.

The newly developed (free) antidote works for all known versions of the ransomware. The nasty encrypts personal data on victims’ machines.

Security firm Bitdefender developed the GandCrab ransomware decryption tool in collaboration with Europol and Romanian Police. The effort is the latest under the No More Ransom project.

No More Ransom was launched in July 2016, introducing a new level of cooperation between law enforcement and the private sector to fight ransomware.

The last ransomware we wrote about was WannaCry which someone managed to foil by registering a non-existent domain which effectively shut it down:

WannaCry Ransomware Foiled By Domain Killswitch

I think Gandcrab is still going to cause a fair amount of damage and honestly, the visibility of these type of decryption tools outside of the tech and specifically infosec community is quite low, so do help share this article and let people know they may have a way out if they have been infected.

Source: The Register

Posted in: Countermeasures

, ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


Comments are closed.