What is GandCrab ransomware
Discovered in early 2018, GandCrab ransomware is now one of the most widespread file-encrypting infections to affect users worldwide. It spreads primarily via spam emails and exploit kits, and is continually updated.
Since the first release, GandCrab developers have released at least 4 other versions, although they do not differ that much. When victims become infected with GandCrab and their files are encrypted, they are offered a decryption tool for purchase. The ransom is supposed to be paid in the cryptocurrency Dash, and the requested sum is usually somewhere between $500 and $1200 for individual users. For companies, the ransom is much higher.
When dealing with ransomware, victims are never advised to pay because it does not guarantee that they will get the decryptor. After all, the crooks behind GandCrab can only offer you their word that they will help you, and trusting cyber crooks to keep their word is not wise. In many cases, instead of paying, victims are advised to back up the encrypted files and the ransom note for when/if a free decryption tool becomes available. Those free decryptors are released by cybersecurity researchers and security companies who want to help victims. For those users who found themselves dealing with GandCrab with no backup for lost files, software company Bitdefender has released a free decryptor. Bitdefender released one back in February and it helped victims of the early release to decrypt files, but GandCrab developers have released new GandCrab versions since then. However, Bitdefender is there to help again.
The company has released a decryption tool that unlocks files affected by versions 1, 4 and 5. The site that we linked to allows you to see which version affected your files, based on the file extension your encrypted files have. If your files have the file extension .GDCB, .KRAB or an extension of ten random characters, you can use the GandCrab decryption tool.
How to use the GandCrab decryption tool
In order to use the GandCrab decryptor, you need to have the ransom note on your computer as it is necessary to recover the decryption key. Once you download the GandCrab decryption tool, run it and agree to the terms and conditions. You will need to select “Scan Entire System” if you want to scan your computer for all encrypted files. Bitdefender also recommends that you select “Backup files” before you begin the decryption process. The tool then does everything for you, and if all goes well, your files should be decrypted. In case you run into issues, you are encouraged to contact Bitdefender via the email address provided in the GandCrab decryption tool.
If your computer still has the GandCrab ransomware on it, you will first need to remove GandCrab. However, before you remove the ransomware with anti-malware, make sure you save all encrypted files and the ransom note. Anti-malware usually detects the ransom note as malicious, so back it up before operating the anti-malware tool. Once your computer is clean of the infection, you can run the GandCrab decryption tool.
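A triage sketch for the backup step above, added here as an example and not part of Bitdefender's tool: it sorts files by the extensions this article lists and copies them, together with the ransom note, to a backup folder before any cleanup. The ten-letter pattern, the `MIN_SHARED` threshold and the note file name passed in are assumptions.

```python
import re
import shutil
import tempfile
from collections import Counter
from pathlib import Path

DECRYPTABLE = {".gdcb", ".krab"}  # fixed extensions the article lists as covered by the tool
NOT_YET = {".crab"}               # versions 2 or 3: the article says keep the files and wait
TEN_CHARS = re.compile(r"\.[a-z]{10}")  # assumption: "ten random characters" means ten letters
MIN_SHARED = 3  # assumption: the same random extension recurs on many files of one machine


def classify(root):
    """Return {"decryptable": [...], "not_yet": [...]} with paths relative to root."""
    root = Path(root)
    files = [p for p in root.rglob("*") if p.is_file()]
    shared = Counter(p.suffix.lower() for p in files)
    result = {"decryptable": [], "not_yet": []}
    for p in sorted(files):
        ext = p.suffix.lower()
        random_ext = TEN_CHARS.fullmatch(ext) and shared[ext] >= MIN_SHARED
        if ext in DECRYPTABLE or random_ext:
            result["decryptable"].append(p.relative_to(root))
        elif ext in NOT_YET:
            result["not_yet"].append(p.relative_to(root))
    return result


def back_up(root, dest, ransom_notes=()):
    """Copy every encrypted file and the given ransom notes to dest, keeping the layout."""
    root, dest = Path(root), Path(dest)
    found = classify(root)
    wanted = found["decryptable"] + found["not_yet"] + [Path(n) for n in ransom_notes]
    for rel in wanted:
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(root / rel, dest / rel)  # copy2 keeps timestamps intact
    return len(wanted)


def demo():
    """Constructed sample tree; file names and the ten-letter extension are made up."""
    root, dest = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    names = ["a.docx.GDCB", "b.xlsx.KRAB", "old/c.pdf.CRAB", "d.txt.qwertyuiop",
             "e.jpg.qwertyuiop", "old/f.png.qwertyuiop", "g.abcdefghij", "NOTE.txt"]
    for n in names:
        (root / n).parent.mkdir(parents=True, exist_ok=True)
        (root / n).write_text("constructed")
    return classify(root), back_up(root, dest, ["NOTE.txt"]), dest
```

Keep the backup folder outside the scanned tree, ideally on removable media, so the copies are neither rescanned nor touched by the anti-malware run.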
More than 1,700 successful decryptions
Bitdefender reports that hours after the release of the GandCrab decryption tool, there were more than 1,700 successful decryptions. The estimated amount of money that GandCrab developers lost because of the free tool is over $1 million.
For those affected by versions 2 or 3 (.CRAB file extension), Bitdefender asks them to wait a bit longer. Victims are encouraged not to pay the ransom, to back up encrypted files and the ransom note, and to wait for a free GandCrab decryption tool.
“If you are infected by versions 2 or 3 of the ransomware, we kindly ask you to hang on and not pay the ransom! We’re still investigating ways to help recover the data and we will come back with an update once we have one,” Bitdefender says.