Commonly Deployed Ransomware Thwarted Thanks to New Decryptor

Way back in 2018 there was ransomware called GandCrab. It first appeared in January of that year and quickly evolved into one of the most commonly used malware-as-a-service (MAAS). The first version was quickly discovered and found to be rather “crude.” Because of that fact, a decryptor was easily developed for it. However, as it evolved into something more dangerous, those decryptors became useless and unless victims had backups ready, they were stuck paying a ransom that ranged from $300 to $6,000. That’s no shabby payday for the criminals.

Now, with the help of law enforcement agencies in many countries, including the United States and Europol, police in Romania have created a decryptor for GandCrab that works on versions 5.0.4 to 5.1. That’s some great news indeed.

However, just because there is a decryptor available doesn’t mean it’s advised that anyone ignore backing up files. Every organization should have some type of backup program in place. How often you back up depends on what your data includes and whether or not having it up to date at all times is a matter of life or death.

But wait! Backups are not just for organizations. They are important for individuals too. And the cost to get a decryption key from a cybercriminal that may or may not work can hurt a lot more for an individual sometimes than for a corporation. Backups are not difficult to do anymore. External hard drives are inexpensive and can hold a lot of data. Many of them only require you to plug them into your computer and they do the rest. Such an easy solution may be worth it to keep your precious pictures and important data safe and easily retrievable should ransomware hit. You can also back up data to the cloud. There are many options available for this too.

Also be sure to have anti-malware software on your devices and that it as well as your operating system software is kept updated at all times.

GandCrab decryptors have been downloaded over 400,000 times, according to Europol. This has given around 10,000 users access to decrypt files without paying a ransom. It has also attacked over 500,000 times, including on several U.S. healthcare providers. It claims the title for biggest ransomware for 2018 according to security sources. Unfortunately, it’s expected that a new version of GandCrab will be released soon. When it is, have those backups current because the decryptors won’t work on it—at least not right away.