Bitdefender released GandCrab Ransomware decryption tool
Bitdefender, a Romanian security company, released a free decryption tool on Wednesday to help victims of the GandCrab ransomware recover their files without paying a ransom.
The decryption tool, named “BDGandCrabDecryptTool.exe”, is currently available for download on the “No More Ransom” platform (nomoreransom.org), of which Bitdefender is a member.
The platform started as a joint initiative between Europol, the Dutch police, Intel Security and Kaspersky Lab to help ransomware victims recover their data for free and to undermine the business model of cybercriminals.
In addition, the Romanian Police, the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol also announced, in a statement posted on their website, that they will release the tool.
Bitdefender said that this decryption tool works for all known GandCrab versions. In response to user feedback that some problems were encountered during decryption, Bitdefender noted: “This decryption tool is only the first version, and, as with other software, there are some unexpected errors when it is first introduced.”
GandCrab is said to be one of the top ransomware families of 2018, first appearing in January of this year. Its developers used the top-tier exploit kit RIG EK to look for vulnerabilities in the victim’s software and install the ransomware without the victim’s permission.
In a published blog post, network security company LMNTRIX said they found GandCrab's developers promoting it for sale as a RaaS (Ransomware-as-a-Service) product in the Russian hacker community, which made GandCrab quickly popular.
According to Microsoft statistics, GandCrab has become the third most popular ransomware family this year, with the majority of victims concentrated in Brazil, the United States, India, Indonesia, and Pakistan. As mentioned in the GandCrab ad, its developers used hard-coding to prevent users in the member countries of the Commonwealth of Independent States (Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Uzbekistan and Ukraine) from becoming victims.
As for the free decryption tool that Bitdefender released, it requires that at least one ransom note exists on the user’s computer (to retrieve the victim’s unique ID) and that there are at least 5 encrypted files available for a decryption test.
The user is asked to create a folder called “test-decryption” on the desktop of the computer, which, as the name suggests, is used for testing purposes. After the ransom note and 5 to 10 encrypted files have been copied to this folder, the decryption test can begin.
The decryption tool reports the test results back to the user. If the test decryption is successful, the tool can then be used to decrypt all other GandCrab-encrypted files.
Bitdefender recommends that users back up their files before decrypting them, which can be done with the Backup files button provided by the decryption tool, to avoid the complete loss of files due to decryption failures or file corruption.