A cybersecurity company located in South Korea AhnLab has found a solution to tackle GandCrab’s Ransomware. The company has released a vaccine application. Ransomware removal experts believe that AhnLab’s application has paved the way for other cybersecurity companies to counter the latest ransomware threats.
According to ransomware removal experts, GandCrab is a notorious ransomware that is known to not only lock the files of its victims via encryption algorithms but also taking command of the root folder in the system.
How Does the Application Work?
AhnLab’s application provides the ability to duplicate a file with the extension of ‘.lock’ that is created by the GandCrab Ransomware.
The name of the unique file is [[hexadecimal-string].lock] and it is saved in the Program Data folder in the C Drive of Windows Operating Systems. The hexadecimal string is created with respect to a computer’s details related to the volume of its root drive with the presence of a cryptographic algorithm known as Salsa20.
GandCrab places this file in order to observe if a victim’s system has been affected with the ransomware before so they can be prevented in running the .exe file multiple times, saving the ransomware from working repeatedly.
Ransomware removal experts explain that AhnLab app’s duplication of the file means that the ransomware is deceived into believing a computer to be already infected as well as duped into thinking that users’ files have already been encrypted. Thus, it saves users from the infamous ransomware’s machinations.
Only Works against the Latest Versions
However, there is a hint of negative news too. Unluckily, the app can only fool the GandCrab Ransomware’s version of 4.1.2 which has been noticed in the security circles since mid-July. The file with ‘.lock’ extension has been a part of GandCrab since that beginning of July.
According to ransomware removal experts, it is still possible to modify the source code of the application so it can deal with the older versions of GandCrab. Since the previous versions of GandCrab were similar in their modus operandi, hence it will be easier to tackle them.
