GandCrab has been a hugely successful ransomware this year. It is estimated by several cyber security vendors to have taken over $500 million since January 2018. However, its days as a money machine may finally be numbered due to a free decryptor released a week ago.
The decryptor was developed by Bitdefender as part of its collaboration with Europol, Romanian Police, FBI and other law enforcement agencies. Since its launch, 1,700 victims have managed to get their files back without paying up. This means that the developers of GandCrab have lost around $1 million in ransom payments, which can only be good news for everyone.
However, not everything in life is perfect. At the moment, the decryptor works only on versions 1, 4 and 5 of the ransomware. It is also known to be effective for all versions released in Syria.
What is GandCrab?
GandCrab is a ransomware that first appeared in January 2018. Unlike other ransomware, it allows for custom ransom notes. This means that cybercriminals can target specific organisations and even machines, demanding a ransom based on the data that has been encrypted. This makes GandCrab very powerful and has led to its widespread adoption by cybercriminals.
Bitdefender estimates that over 500,000 people have been infected in the last 10 months. With ransoms ranging from $600 to over $700,000, that’s a lot of money. Bitdefender believes GandCrab has made over $300 million in just the last two months.
The most prolific versions of the ransomware are versions 4 and 5. These are both covered by the Bitdefender decryptor. As users begin to rescue their files, it will be interesting to see how quickly the cybercriminals release a new variant.
What does this mean?
Ransomware has become a major problem for organisations of all sizes. It is more than just an irritation; it is business-threatening. The evolution of ransomware such as GandCrab has seen payments soar this year. The question is, can security vendors such as Bitdefender keep ahead of the cybercriminals?
For now, anyone infected with GandCrab has some hope. But once the cybercriminals see the cashflow drop, they will up their game and counter the decryptor.