Europol says that as of today, a new decryption tool for victims of the GandCrab ransomware is available on www.nomoreransom.org. This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the Internet security company Bitdefender and Europol.
First detected one month ago, GandCrab has already claimed 50,000 victims worldwide, a vast number of which in Europe, making it one of the most aggressive forms of ransomware so far this year, according to Europol.
GandCrab spreads through malicious advertisements published on compromised websites or through fictitious invoices sent as attachments in emails. Once installed upon a victim’s computer, the ransomware encrypts the files on the infected system, offering a decryption key in return for a ransom payment of US$300 – 500 in the DASH virtual currency.
This use of DASH is a first for ransomware, according to Europol, which notes that most file encrypting ransomware families use Bitcoin or Monero as the ransom payment method. This ransomware is also run as an affiliate program (ransomware-as-a-service), in which affiliates distribute the ransomware, while the GandCrab developers earn a commission from each ransom payment.
Thanks to the efforts of the Romanian authorities, Bitdefender and Europol, the tool is available for free on No More Ransom and on Bitdefender’s webpage and works for all known versions of the GandCrab ransomware family.
Europol says: “The release of this new tool is yet another example of the effectiveness of public-private partnerships like No More Ransom, an initiative which now encompasses 120 partners, the Romanian Police most recently having joined as an associate partner.”
To prevent infection with ransomware, users are advised to keep back-ups of important data, use a security solution, and avoid accessing links or files from unsolicited emails. Find more information and prevention tips on www.nomoreransom.org