  • BitDefender puts an end to the GandCrab scourge, and its developers announce their retirement as well.
  • The IT security company released a decryption tool that covers all versions, past and present.
  • This is definitely not the last we have heard from “Ransomware as a Service” malware tools.

One of the most notorious strains of ransomware, GandCrab, has finally met its match: BitDefender has just released a decryption tool that works with the latest versions of the malware, even 5.2. Older versions are also covered, so anyone who suffered a GandCrab infection and held out without paying the actors can finally get their files back. BitDefender says “good riddance” to this malware, a nasty piece of software that infected millions of systems, was propagated by multiple groups and malicious actors, and spread indiscriminately, reaching the computers of “simple people” as well.

As BitDefender further reports, GandCrab was mainly used by Russian groups and peaked around August of last year, when it accounted for 50% of all ransomware infections globally. In total, the researchers estimate that GandCrab infected 1.5 million systems. BitDefender was always a step behind it, but was at least helping people get rid of older versions. Its previous unlocking tools have been used by 30,000 victims, saving roughly $50 million that the extortionists never received. With the absolute latest version now unlocked, however, it is all over for the developers of the ransomware, as there is no more catching up to play.

[Image: GandCrab timeline. Source: labs.bitdefender.com]

This, however, will definitely not be the last time we see “ransomware as a service” (RaaS) thrive on the net. GandCrab stood out from the rest by following an affiliate model, which is why it spread like wildfire: anyone could pick it up, infect targets, and then share the decryption fees with the malware developer. The end of GandCrab does not mean we will have to wait long before a new strain or malware family is sold for further propagation.

[Image: gc-chat. Source: labs.bitdefender.com]

Until then, download the BitDefender decrypter, and from now on make backups of your most important files, preferably on removable storage media that isn’t connected to the internet. As always, keep your software up to date, especially anti-virus tools, and refrain from downloading and installing software from sources that cannot be trusted, like torrent files. Finally, never pay the ransom if things go wrong: payment is what drives RaaS developers, fuels malicious actors, and perpetuates ransomware infections.
