Back to Newsroom

28 February 2018

● GandCrab claims 50,000+ victims in less than a month, seeks ransoms of up to $600,000+

Victims of GandCrab, a new family of ransomware analyzed by Bitdefender, can now download the Free GandCrab Ransomware Decryption Tool to recover any data lost to the malware, which encrypts personal data on victims’ machines.

The free tool, provided by Bitdefender, the Romanian Police, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol, works for all known versions of GandCrab and is now ready for download on nomoreransom.org, an online portal available in 28 languages, and in the ransomware decryption tools section on labs.bitdefender.com

GandCrab has been spreading since January 2018, using malicious advertisements that lead to Rig Exploit Kit landing pages or via crafted e-mail messages impersonating other senders. GandCrab has infected around 53,000 computers.

In exchange for the decryptor, the GandCrab operators ask for a ransom of anywhere between hundreds and hundreds of thousands of dollars in DASH – a crypto-currency that has just made its debut in cybercrime. The developers of GandCrab use a ransomware-as-a-service business model that allows people with little technical skill to attack with relative ease.

“Ransomware has become a billion-dollar cash cow for malware authors, and GandCrab is one of the highest bidders,” Bitdefender’s Senior Director of the Investigation and Forensics Unit, Catalin Cosoi says. “We are glad to provide our technical expertise in fighting cyber-crime as our long-standing mission is to protect the world’s Internet users and organizations. In the near future, we expect ransomware developers to migrate towards mining and stealing cryptocurrency.”

With almost half of victims paying fees ranging from $300 to $500, according to a Bitdefender survey, ransomware-on-demand and ransomware-as-a-service have proliferated rapidly. As a security precaution, users are strongly advised to back-up sensitive data, use a known security solution on all devices, avoid accessing malicious links and beware of spear-phishing emails.

No More Ransom was launched in July 2016, introducing a new level of cooperation between law enforcement and the private sector to fight ransomware. Statistics show most visitors to the platform come from Russia, the Netherlands, the United States, Italy and Germany.

More information and prevention tips are available on www.nomoreransom.org.

 Share

Share

 

Contacts