Bitdefender, Europol, Romanian Police, DIICOT team up for GandCrab decryption tool

Ransomware has become one of the most profitable cybercrime verticals in recent years. Complex infection mechanisms and highly profitable affiliation schemes brought operators more than $1 billion in 2016.

GandCrab, the latest family of ransomware, started to claim victims in late January, demanding exorbitant prices (ranging from $400 to $700,000) in exchange for the decryptor.

Fortunately, the 50,000 users facing ransom demands can get their data back, as Bitdefender has teamed up with Europol, the Romanian Police (IGPR) [announcement is in Romanian] and the Directorate for Investigating Organized Crime and Terrorism (DIICOT) [announcement is in Romanian] to release a free GandCrab decryption utility.

We are proud to provide our technical expertise in fighting cyber-crime as part of our long-standing mission: to protect the world’s Internet users and organizations.

The free tool, provided by Bitdefender, the Romanian Police, the Directorate for Investigating Organized Crime and Terrorism (DIICOT) and Europol, works for all known versions of GandCrab and is now ready for download on nomoreransom.org, an online portal available in 28 languages, and in the ransomware decryption tools section on labs.bitdefender.com.

Download the GandCrab decryption tool

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

9 Comments

    • Hi there, AloeVera!

      Unfortunately, we can't decrypt version two right now, but we're working hard on finding a way to get your data back. Here is what you should do now:

      – take a backup of your encrypted files and save them somewhere safe;
      – take a backup of your ransom note and save it along with the encrypted files;
      – restore your computer to a working state and clean the infection;
      – hang on; we'll find a fix for this issue sooner or later.

  • Hi,

    In my case I still had trouble downloading the file using regular browsers or even free download manager, as it always stops at 99%.

    Overcame it by using wget or downloading directly to my Synology NAS.

    However, the tool doesn’t work at all. Running it, normally or as Administrator, it asks if I would allow an AP from an unknown publisher to make changes to my device and once I click on Yes, it seems to load for a second (mouse cursor) and then nothing happens. Any suggestion?

  • Hi! I can't download the decryption tool 🙁 It fails every time from anywhere. Please help!