Free tool to decrypt all versions of the GandCrab ransomware released

Bitdefender's decryption tool can neutralise the latest versions of GandCrab, as well as retrieve files encrypted by earlier versions

Bitdefender has released a free tool enabling victims of the GandCrab ransomware to decrypt their files without paying a ransom.

Bitdefender researchers developed it in partnership with Europol, the Federal Bureau of Investigation, Romanian Police, the UK's National Crime Agency, DIICOT, and several other security agencies across Europe.

The decryption tool is available for download on websites of Bitdefender Labs and the No More Ransom project. According to its developers, it is capable of neutralising the latest versions of the malware - GandCrab v5.0 through to GandCrab v5.2 - and can also retrieve files encrypted by earlier versions of the ransomware.

AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office's Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC's Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.

GandCrab 5.2 will almost certainly be the last version of the ransomware after the group behind it announced their retirement earlier this month - having made tens of millions of dollars from cyber crime.

After the shutdown at the end of the month, all decryption keys held by the group will be deleted.

The first version of the GandCrab decryptor was released in February last year. In October, Bitdefender released an update to the tool. A special decryptor for GandCrab ransomware victims located in Syria was also released.

We can safely assume that 5.2 will be the last ransomware version ever from the GandCrab team

Free decryption tools released over the past 18 months have helped more than 30,000 victims, according to Bitdefender. These tools have also saved victims around $50 million in unpaid ransoms.

GandCrab is, by far, the most widespread ransomware strain at the moment, according to security experts. It emerged in January 2018, and filled the place of the Cerber and Locky ransomware strains.

In less than a year, it became the world's most widespread ransomware, accounting for about 50 per cent of all infections. It is believed to have infected over 1.5 million Windows systems since January 2019.

The ransomware was also rented out to other hackers on a well-known hacking forum.

The creators of the ransomware claim it has been behind the extortion of around $2 billion from victims. The group behind it say they have laundered the money raised from the ransomware by investing in multiple legitimate businesses.

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.