BEFORE YOU READ THE REST OF THE ARTICLE: Please note that there is a second version of GandCrab in the wild now. If your encrypted files have the .CRAB extension, this tool will not bring your files back.
A new family of ransomware dubbed GandCrab has been making its rounds since January this year. Spreading via malicious advertisements leading to Rig Exploit Kit landing pages or via crafted e-mail messages impersonating recepits, GandCrab has managed to infect around 50K computers. In order to get the decryptor, the GandCrab operators ask for a ransom of anywhere between hundreds and hundred thousand dollars in DASH – a crypto-currency that just made its debut in cybercrime.
The good news is that now you can have your data back without paying a cent to the cyber-criminals, as Bitdefender has released a free utility that automates the data decryption process.
How to use the tool?
Step 1: Download the decryption utility provided by Bitdefender and save it somewhere on your computer. Please note that this tool requires an active internet connection. Without this prerequisite the decryption process won’t continue.
Step 2: Run the utility (which gets saved by default as BDGandCrabDecryptor.exe).
Step 3: Agree to the terms and conditions.
Step 4: Provide the tool with a path to your encrypted files or, alternatively, check the “Scan the entire system” option and press the “Scan” button. We strongly advise that you backup the files by selecting the “backup files” option. Regardless of whether you check the “Backup files” option or not, the decryption tool attempts to decrypt 5 random files in the provided path and will NOT continue if the test is not successful. If you test the tool against a limited number of files make sure that you have AT LEAST 5 samples in the folder.
Step5: At this point, your files should be decrypted. If you checked the backup option, you will see both the encrypted and the decrypted files.
If you encounter any issues, please contact us at via the e-mail address provided in the removal tool.
This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)