Choose your language
VNCDN Products
CDN
SECUMAIL Products
Other Products
Solutions

Email: contact@vnetwork.vn

Hotline: (028) 7306 8789

Officially putting a halt to the nightmare Ransomware GandCrab

21/06/2019
Officially putting a halt to the nightmare Ransomware GandCrab

An official announcement from Bitdefender and Europol stated, they have fruitfully released the latest code against the extortion code GandCrab, which has been a dangerous threat to many enterprises in the world over the past 1 year. 

Just like many codes released before that Bitdefender has built, the decoding tools for ransomware GandCrab could not be provided free as there was still some vulnerability of the encryption algorithm. Instead, this security guard will cooperate with the government, state from many countries for the right of getting access to the server C&C of GandCrab to download the necessary decoding keys, and then use them to decode the victim’s file.

GrandCrab’s code of extortion used to shock the world

Since the toxic code GandCrab was released on 28th January 2018, many technology websites and security guard from all over the world have been watching its single movement. At that time, this code just began to be distributed through the Ransomware-as-an-Affiliate System on the implicit hacker forum such as Exploit.in. 

The toxic code GandCrab was distributed through the Exploition RIG. When spreading to the victim’s system, it would decode all the files stored in the computer, which made them disable





 

Thông báo tiền chuộc của mã độc GandCrab

Ransom announcement of GandCrab

During the operation time, the ones who stepped behind GandCrab continuously abused words to taunt, joke and collate to many famous security researchers. For instance, for the first release of ransomware GandCrab, the hacker decided to use the domain names for their server C&C (Command & Control), based on the organizations and websites which were supposed to be researching or considering this ransomware, as a challenge, including:

- bleepingcomputer.bit

- nomoreransom.bit

- esetnod32.bit

- emsisoft.bit

- gandcrab.bit

Since then, many security researchers and the ones being GandCrab have been instantly fighting against each other. During this period, the researchers seemed to be inferior to the development of GandCrab on a global scale. It was not until the release of the GandCarb version 5.2 (The last version) a few months ago that the global security guard started to roll out extremely heavy counter-attacks. A large number of servers C&C of GandCrab were successfully hacked and the network security expert released plenty of specialized code for this extortion code.

Finally, at the beginning of June, the ones behind GandCrab announced that they gradually stopped the ransomware Gandcrab after earning more than 2 billion dollars. The claim of the criminal gang with the latest decoding key released by the experts, the nightmare called ransomware GandCrab officially ended and now, the victim can decode and get access to their data.

More: GandCrab Ransomware stopped after earning 2 billion dollars

Decoding tools for file encoded by GandCarb 

If you are a victim of toxic code ransomware GandCrab v1,v4 and version from 5 to 5.2, now, you can recover all the data encoded without paying the ransom through using the decoding key updated by Bitdefender.


Công cụ giải mã ransomware GandCrab mới nhất

The latest decoding tools for ransomware GandCrab

Firstly, download file BDGandCrabDecryptTool.exe here. After that, you need to open this program file and receive an agreement fo allowance, click on the “accept” button with the provisions. The decoder will begin to run and your announcement system should be connected to the internet in order to conduct the next steps. This request is necessary because this decoder needs to be connected to the Bitdefender Server to check your key and download it.

Here, the screen will show the decoding option GandCrab as below. Then, you can choose to decode all the encoded data or decode manually by selecting the specific files. According to the researchers, they recommend encoding manually to ensure that the decoder operates accurately without any serious problem. 



1

Tùy chọn giải mã cho mã độc GandCrab

Decoding option for GandCrab

After selecting the encoded file, click on the Start Tool. The system will start to download and decode the file. Concurrently during the process, the decoder will search and collect some specific information. This information will be uploaded to the Bitdefencer Server. When the process end, the decoder will send you a message and a warning in case of any problem happening.


Quá trình giải mã tập tin bị mã hóa bởi ransomware GandCrab

The process of decoding the encoded file by ransomware GandCrab


If there are any problems, you can click on the log link to automatically open the log file named Temp%\BDRansomDecryptor\BDRansomDecryptor\BitdefenderLog.txt. The log file will contend a summary of the information of the decoded file as well as the error cases, or unable to be decoded. Don’t worry, you just need to reset the program and decoded the error file or leave your questions at the Supporting forum of GandCrab.




 
Hoàn tất quá trình giải mã GandCrab

Completing the decoding GandCrab process

 

Although the attack of ransomware GandCrab ended, the men behind this are still mysterious. The threat of the extortion code ransomware can be sophisticated and outbreak at any time. However, this ending still seems to be good for human beings.