Europol Releases Fix For New Ransomware-as-a-Service

Europol GandCrab: Ransomware Decryption Kit Released

After infecting 50,000 victims in under a month, a data recovery kit has been released for the GandCrab Ransomware-as-a-Service malware.

The GandCrab ransomware is one of the most aggressive malware attacks in recent months, infecting over 50,000 people since it was first detected in early 2018.

The malware spreads through spoof adverts displayed on compromised websites, or through fictitious invoices sent as e-mail attachments. Once installed, the ransomware encrypts the victim’s files, demanding a payment of DASH virtual currency.

Ransomware-as-a-Service

Unusually ransomware demands from GandCrab infections have reached a jaw-dropping $600,000 and upwards,  far higher than the typical demands of between $300 and $500.

GandCrab is also unique as it uses an ‘affiliate programme’ in which the developers of the malware earn a commission from each ransom payment made. In other words it’s the first example of Ransomware-as-a-Service, in what could be a worrying new development in the ongoing evolution of cybercrime.

Decryption Tool

As of today, victims of the malware now have a solution, thanks to Europol, Internet security company Bitdefender and the Romanian Police (IGPR), who have released a GandCrab decryption tool.

As of today, a new decryption tool for victims of the GandCrab ransomware is available on www.nomoreransom.org. This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol.

Perpetrators Unknown

It’s unknown which specific group or organisation is behind GandGrab. However, the ransomware is advertised on Russian hacking forums, with the authors explicitly instructing those who become a part of the partnership scheme not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics.

The decryption tool works for all known versions of the GandCrab ransomware family.The tool is the product of the No More Ransom initiative, which includes over 120 organisations around the world, working to combat ransomware.

The decryption kit can be downloaded from the No More Ransom or the BitDefender wesbite.

Europol is advising users to keep back-ups of important data, use up-to-date security solutions (Firewalls, anti-virus software) and to avoid accessing links or files from unsolicited emails.

Find more information on ransomware and for more prevention tips visit www.nomoreransom.org.



Latest News

Events Leadership
22nd June 2018

DIGIT Leaders 2018: Adapt or Die

Business Infrastructure News
Business Entrepreneurship News Public Sector
22nd June 2018

CivTech 3.0 Challenge Applications Incoming!

Business IoT News Public Sector
22nd June 2018

Transforming Scotland’s Public Services With IoT