Researchers have released a free decryption tool of GandCrab ransomware which allows victims to decrypt their files for free
Researchers have released a free decryption tool of GandCrab ransomware which allows victims to decrypt their files for free.The free decryption tool was developed by Security researchers from Bitdefender along with several law enforcement organizations including FBI, Romanian police and other countries such as Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom.This version decryption tool can be used to recover files from GandCrab ransomware versions 1, 4 and 5.Victims can recognize the version of ransomware by extension it appends to encrypted files and or ransom note.Below is the table which shows GandCrab ransomware versions and extension it appends:VersionExtensionRansom NoteVersion 1file extension is .GDCB.The ransom note starts with —= GANDCRAB =—, ……………. the extension: .GDCBVersion 2file extension is .GDCB.The ransom note starts with —= GANDCRAB =—, ……………. the extension: .GDCBVersion 3file extension is .CRAB.The ransom note starts with —= GANDCRAB V3 =— ……….. the extension: .CRABVersion 4file extension is .KRAB.The ransom note starts with —= GANDCRAB V4 =— ……….. the extension: .KRABVersion 5file extension is .([A-Z]+).The ransom note starts with —= GANDCRAB V5.0 =— ………. the extension: .UKCZAVersion 5.0.1file extension is .([A-Z]+).The ransom note starts with —= GANDCRAB V5.0.2 =— …. the extension: .YIAQDGVersion 5.0.2file extension is .([A-Z]+)The ransom note starts with—= GANDCRAB V5.0.2 =— …. the extension: .CQXGPMKNRVersion 5.0.3:file extension is .([A-Z]+).The ransom note starts with—= GANDCRAB V5.0.2 =— …. the extension: .HHFEHIOLAt least one ransom should be present on your system to recover the file and for decryption tool to work.“The ransom-note is required to recover the decryption key. Please make sure that you do not run a clean-up utility which detects and removes these ransom-notes prior to execution of this tool. The information inside the ransom-notes is essential in the decryption process as it allows us to compute the unique decryption key for your files.” said in the blog post published by Bitdefender.Researchers also said they are working on GandCrab ransomware versions 2 or 3 (CRAB file extension) and ask victims to wait and not pay the ransomVictims can visit the blog post published by Bitdefender or visit www.nomoreransom.org to download the free decryption tool. For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin and Twitter.
You may be interested in reading:New FilesLocker Ransomware Discovered Distributing as a Ransomware as a Service