Europol Releases Fix For New Ransomware-as-a-Service

UK Gov Cybersecurity

After infecting 50,000 victims in under a month, a data recovery kit has been released for the GandCrab Ransomware-as-a-Service malware.

The GandCrab ransomware is one of the most aggressive malware attacks in recent months, infecting over 50,000 people since it was first detected in early 2018.

The malware spreads through spoof adverts displayed on compromised websites, or through fictitious invoices sent as e-mail attachments. Once installed, the ransomware encrypts the victim’s files, demanding a payment of DASH virtual currency.


Unusually ransomware demands from GandCrab infections have reached a jaw-dropping $600,000 and upwards,  far higher than the typical demands of between $300 and $500.

GandCrab is also unique as it uses an ‘affiliate programme’ in which the developers of the malware earn a commission from each ransom payment made. In other words it’s the first example of Ransomware-as-a-Service, in what could be a worrying new development in the ongoing evolution of cybercrime.

Decryption Tool

As of today, victims of the malware now have a solution, thanks to Europol, Internet security company Bitdefender and the Romanian Police (IGPR), who have released a GandCrab decryption tool.

As of today, a new decryption tool for victims of the GandCrab ransomware is available on This tool has been released by the Romanian Police (IGPR) under the supervision of the General Prosecutor’s Office (DIICOT) and in collaboration with the internet security company Bitdefender and Europol.

Perpetrators Unknown

It’s unknown which specific group or organisation is behind GandGrab. However, the ransomware is advertised on Russian hacking forums, with the authors explicitly instructing those who become a part of the partnership scheme not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics.

The decryption tool works for all known versions of the GandCrab ransomware family.The tool is the product of the No More Ransom initiative, which includes over 120 organisations around the world, working to combat ransomware.

The decryption kit can be downloaded from the No More Ransom or the BitDefender wesbite.

Europol is advising users to keep back-ups of important data, use up-to-date security solutions (Firewalls, anti-virus software) and to avoid accessing links or files from unsolicited emails.

Find more information on ransomware and for more prevention tips visit

Latest News

cybersecurity Data News
14th December 2018

GCHQ Given Green Light to Hack at Will

Featured News
14th December 2018

DIGIT Tech News Roundup – 14th of December 2018

IoT News
14th December 2018

IoT Christmas Lights are a Real Turn On

cybersecurity News
14th December 2018

Hackers Increasingly Turn to AI to Super Boost Phishing Scams