Joint operation before the closure of GandCrab ransomware

Posted date 20/06/2019

The cybercriminals responsible for GandCrab, a ransomware that emerged in January 2018 and has brought numerous economic revenues to its creators, especially due to its facet of RaaS (Ransomware as a Service), have announced the cessation of its operations in a short space of time.

In their farewell message, they urged the victims to pay the ransom as soon as possible to recover the contents of the encrypted files, as it would be impossible to decrypt them when they closed the servers, because they intended to remove all private keys.

BitDefender, along with Europol, the FBI and other security agencies, have managed to take control of GandCrab's C&C server before it was shut down and, as a result, have managed to download the victims' private keys. Bitdefender has published a decryption tool so that everyone affected can recover their files for free.

[Update 17/07/2019]: FBI, in collaboration with different cyber security agencies, has published the master keys for GandCrab that allow any file encrypted by this ransomware to be decrypted, which is its definitive end.