White Hats Update GandCrab Decryptor to Hasten its End

Infamous ransomware GandCrab could finally be on the way out, after white hats released yet another updated decryptor tool designed to help victims to get their data back.

In partnership with various law enforcement agencies including Europol, the Metropolitan Police, the FBI and NCA, Bitdefender has released the latest in a string of tools which it claimed has saved tens of thousands of organizations $50m in unpaid ransom money.

This effectively neutralizes every version of the ransomware-as-a-service offering up to and including the latest, v5.2. It can be downloaded from the No More Ransom project.

Although the ransomware rose to claim a 50% market share in August 2018, these efforts have done much to limit its appeal on the cybercrime underground.

“The three decryptors released in collaboration with partner law enforcement agencies – and particularly the GandCrab decryptor for version 5.1 – compelled GandCrab affiliates to shrink their business to avoid unnecessary costs,” claimed Bitdefender senior threat analyst, Bogdan Botezatu.

“For instance, in February 2019, after the release of the decryptor for version 5.1, affiliates kept pushing decryptable versions of the malware for more than a week, allowing fresh victims to decrypt their data for free. As of March 2019, GandCrab’s market share has shrunk back to 30%, with almost one in three infections tied to the group.”

GandCrab differs from many of its counterparts in that it’s offered via an affiliate model: distributors effectively purchase a license to spread the malware, keeping most of the profits themselves but sharing 40% with the original developers.

It’s a model that has served those r ..

Support the originator by clicking the read the rest link below.