GandCrab ransomware: How to decrypt and recover your data without paying ransom
If you've been hit with the malicious GandCrab ransomware this year, here's how you can decrypt your files.
A new decryption tool has been released for victims of the nasty GandCrab ransomware that has infected over 50,000 victims across the globe this year. First detected in January, GandCrab has been deemed one of the most aggressive forms of ransomware this year.
Spread through malicious advertisements on dubious websites, fake invoices sent as email attachments and even exploit kits, the ransomware encrypts all files on an infected system and demands a ransom payment of between $300 and $500 (£217 - £362) worth of Dash cryptocurrency.
Other strains of ransomware typically ask for payments in Bitcoin or Monero.
GandCrab is also run as ransomware-as-a-service, through which other wannabe hackers can distribute the malicious code while the original authors get a commission for each ransom.
It is not clear who is behind GandCrab. The ransomware has been advertised on Russian hacking forums with its authors warning users who join the scheme not to target Russia or any nation within the Commonwealth of Independent States. The malware also specifically checks if the keyboard layout is in Russian to avoid encrypting such machines.
Now, Bitdefender has released a free decryptor online to help victims infected with GandCrab ransomware decrypt and recover their files without paying the ransom.
Europol, Romanian Police and Romania's Directorate for Investigating Organized Crime and Terrorism have also formally announced the decryption tool, which is available for free via the No More Ransom portal.
How to decrypt your files using the GandCrab decryption tool:
- Download the GandCrab Decryptor and save it on your desktop.
- Run the tool, which is saved as BDGandCrabDecryptor.exe by default, to start the program.
- Click on the "I Agree" button to agree to the listed terms and conditions and continue.
- The Bitdefender GandCrab Decryptor screen will pop up for you to provide it with a path to your encrypted files. Alternatively, you can use the "Scan entire system" option and press the scan button.
- Before hitting "Scan", be sure to back up the files by selecting the "backup files" option.
- The GandCrab Decryptor tool will test against five encrypted files before proceeding.
- If you decide to test out the tool, make sure you have at least five sample files in the folder to be scanned. If it is still unable to decrypt the five files, it will not try to continue and decrypt any more.
- Your files should be decrypted, and you should be able to view both the encrypted and decrypted files if you selected the backup files option.
- If you do happen to run into any problems, you can contact Bitdefender via the email address provided in the GandCrab removal tool.
Security experts have warned that ransomware attacks skyrocketed in 2017 and will likely continue to soar in 2018.
"Ransomware continues to be a popular cybercriminal approach because of the sheer number of targets that can be infected," Trend Micro said in a recent report. "Everyone from individual users to large enterprises have been attacked, and small to expansive infections won't stop anytime soon.
"The bottom line here is that as long as ransomware results in profit, hackers will continue to use it as a main attack strategy."