GandCrab Ransomware – How to Get Your Files Back
GandCrab is a global ransomware that infects computers to take control of the device. Like other ransomwares, GandCrab locks up the use of a computer and makes demands for money in exchange for restored access by the rightful owner. The files on the computer are locked and held for ransom until the owner of the machine pays. The price tag is a $600 ransom payment. The ransomware has caused hundreds of millions of dollars in data losses and payments.
GandCrab ransomware was discovered near the end of January 2018. It quickly spread worldwide and is amongst the most common ransomware. The ransomware keeps evolving and if infected, it is important to know which version of GandCrab you are infected with, so you have the correct decrypter.
Bitdefender, maker of antivirus software, estimates that GandCrab has about 40% of the ransomware market. The most infected machines are in the United States and United Kingdom. South Korea, China, and Germany are also among the top contires afflicted with the malware.
How Does GandCrab Ransomware Infect Computers?
Originally GandCrab was spread by hackers who directly logged into exposed devices using stolen credentials. Hackers manually ran the ransomware then set it to spread throughout the entire network. Now GandCrab hackers are delivering ransomware to companies via vulnerabilities in remote IT support software used by service providers that manage customer workstations. GandCrab is also delivered as an email attachment.
What is Ransomware?
Ransomware is a type of malware. Ransomwares take control of a device and files or the entire device. The owner must pay a ransom to regain control of the device and the files. Of course, there is no guarantee that device or the files will be recovered even if the ransom is paid. Malware also corrupts devices and either destroys their usefulness or uses the device for its own mission. Malware does not demand payment.
GandCrab reappeared in the period leading up to Valentine’s Day. During holidays people tend to not be as careful about what emails they open. Hackers take advantage of the increased email and web traffic and use it to deliver malware and ransomware like GandCrab. Ransomware can be delivered with fake online greeting cards, spam that appears to offer gifts, and spoofed websites to trick readers into clicking on a link that start a ransomware download. Malicious apps, hacked email accounts and phishing emails can also be used to deliver ransomware or phish for login credentials.
How to Remove GandCrab Malware for Free
GandCrab can be defeated without paying the ransom. Bitdefender’s series of GandCrab decrytpers have unlocked over 10,000 machines. Bitdefender has released three versions of its GandCrab decrypter. The current decrypter can recover files locked up by GandCrab 5.2 The first iteration was first released in late February 2018. The application was updated in October 2018. Up until now GandCrab versions 1.x, 4.x, and 5.0.0 through 5.0.3 could be decrypted.
The latest version of GandCrab is version 5.2 and Bitdefender has a new decrypter our which is downloadable for free from their website.
Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She published a guide to Cyber Security for Business Travelers