Europol Releases Fix For New Ransomware-as-a-Service
After infecting 50,000 victims in under a month, a data recovery kit has been released for the GandCrab Ransomware-as-a-Service malware.
The GandCrab ransomware is one of the most aggressive malware attacks in recent months, infecting over 50,000 people since it was first detected in early 2018.
The malware spreads through spoof adverts displayed on compromised websites, or through fictitious invoices sent as e-mail attachments. Once installed, the ransomware encrypts the victim’s files, demanding a payment of DASH virtual currency.
Unusually ransomware demands from GandCrab infections have reached a jaw-dropping $600,000 and upwards, far higher than the typical demands of between $300 and $500.
GandCrab is also unique as it uses an ‘affiliate programme’ in which the developers of the malware earn a commission from each ransom payment made. In other words it’s the first example of Ransomware-as-a-Service, in what could be a worrying new development in the ongoing evolution of cybercrime.
As of today, a new decryption tool for victims of the GandCrab ransomware is available on www.nomoreransom.org. This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol.
It’s unknown which specific group or organisation is behind GandGrab. However, the ransomware is advertised on Russian hacking forums, with the authors explicitly instructing those who become a part of the partnership scheme not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics.
The decryption tool works for all known versions of the GandCrab ransomware family.The tool is the product of the No More Ransom initiative, which includes over 120 organisations around the world, working to combat ransomware.
Europol is advising users to keep back-ups of important data, use up-to-date security solutions (Firewalls, anti-virus software) and to avoid accessing links or files from unsolicited emails.
Find more information on ransomware and for more prevention tips visit www.nomoreransom.org.