Free decryption tool available for GandCrab ransomware version 5.1

• Bitdefender in collaboration with the Romanian Police, Europol, and other law enforcement agencies, has released another new decryptor for GandCrab ransomware versions v5.1.
• Ever since Bitdefender released its first free decryptor, there have been more than 10,000 successful decryptions across the globe.

A decryptor is available for users whose systems got infected with the latest GandCrab version v5.1. Bitdefender in collaboration with the Romanian Police, Europol, and other law enforcement agencies, has released a new decryptor for GandCrab ransomware version v5.1.

Third decryptor

This is the third decryption tool Bitdefender has released for GandCrab ransomware infection. In February 2018, Bitdefender released the first free decryptor tool which was used by almost 2,000 home users, companies and non-profits to retrieve their compromised data. Ten months later, Bitdefender released another decryptor for GandCrab versions 1, 4 and 5 up to v5.0.3.

Successful decryptions

Ever since Bitdefender released its first free decryptor, there had been more than 10,000 successful decryptions across the globe thus helping victims save more than $5 million dollars in decryption fees.

Victims that used the decryptor were spread across the globe with a majority of victims located in South Korea, followed by China, India, Germany, the United States, Brazil, Indonesia, Italy, Turkey, and Spain.

What about GandCrab version 5.2?

While researchers observed GandCrab version 5.1 to be the latest one, few noted that a new variant of GandCrab v5.2 has emerged this week.

Tamas Boczon, a senior threat analyst at VMRay, tweeted that GandCrab authors might have released the new version in response to the decryptor tool. “#GandCrab 5.2 samples, probably response to the new decryptor,” Boczon tweeted.

Another malware analyst who goes under the name ‘Valthek’ tweeted that GandCrab version 5.2 version has been released 3 days ago which cannot be decrypted with the free decryptor tool. Bitdefender confirmed that there is a new GandCrab variant for which no decryption tool is currently available.

Prevention is crucial

• Bitdefender advised organizations to have a security solution with layered defenses against ransomware attacks.
• The company recommended organizations to ensure if the security solution is up-to-date.
• It further recommended organizations to ensure that their OS and the third-party software are of latest versions and up-to-date.