GandCrab ransomware has been carrying out cryptovirological attacks since January 2017, and many variants of the family have been developed in that time. There is good news for users who have lost data to GandCrab's encryption: according to the latest reports, the cybercrime division of Europol has come up with a ransomware removal solution for users affected by GandCrab.
Cyber experts from the United Kingdom, Netherlands, Romania, Bulgaria, France, Poland, and Italy teamed up to develop a ransomware removal measure against GandCrab's encryption activity. However, the decryption tool is not effective against GandCrab v5 and v1.4. Users targeted by those variants have to consult professional ransomware removal experts.
A short profile of GandCrab
Since its entry into cyberspace, the GandCrab ransomware family has affected roughly 500,000 users around the world. From a technical standpoint, GandCrab is a cryptovirological Trojan that uses exploit kits, such as RIG and Necurs Botnet, to infiltrate targeted computers. Before unpacking its payload, the ransomware checks for security software on the targeted device. Finally, the cryptovirological code is installed on the device through a PowerShell script. To lock the files on the targeted computer, GandCrab uses an RSA encryption module.
GandCrab as RaaS
Different versions of GandCrab ransomware are mostly used as RaaS (ransomware as a service), which enables third parties to launch ransomware attacks. The extortion money collected from successful attacks is then shared between the developers of the code and the operators of the attack according to a preset percentage. Unlike many cryptovirological attackers that demand ransom in Bitcoin, GandCrab operators usually demand the ransom in Dash, a relatively lesser-known cryptocurrency.