The No More Ransom campaign released a decryption tool for the newest variant of GandCrab, one of the most notorious ransomware families, which has hit the healthcare sector hard in the last year.
The decryptor was developed in partnership with the Romanian police, security firm Bitdefender and Europol, along with other global law enforcement. No More Ransom is a private-public partnership launched by the Dutch National Police and Europol, alongside Kaspersky Lab and McAfee.
The tool will decrypt the files of victims infected with GandCrab version 5.0.4 through 5.1, the latest version. The variant is still active and has been locking up victims’ computers from November through today. It’s the third decryptor released for GandCrab, with one released in February and updated in October.
This means that most victims can now unlock their files without paying a ransom.
Europol officials noted that GandCrab is the most prevalent threat today, outpacing Locky and SamSam, which pummeled the healthcare sector in 2016 and beyond. The ransomware began to spike in January 2018 and has continued to evolve and proliferate.
Most recently, FABEN OB-GYN began notifying about 6,000 patients that their data was permanently lost due to a GandCrab ransomware hack.
The hackers infect organizations through exposed Remote Desktop Protocol services or by logging directly into a victim’s computer using stolen credentials, researchers explained. Once authenticated on the network, the cybercriminals manually install the ransomware with instructions to proliferate, according to Bitdefender.
In recent months, the hackers have been delivering the ransomware to victims through vulnerabilities in the remote IT support software that managed service providers use to manage their customers’ workstations.
“This persistence is why prevention is crucial. If you have a security solution, make sure it is up-to-date and has layered defenses against ransomware,” Bitdefender researchers wrote. “The better it is at detection, the lower your chances of infection. Also make sure you are running the latest version of your OS and third-party software.”
“GandCrab has inflicted hundreds of millions of dollars in losses globally since its emergence and is now one of the most prevalent families of ransomware on the market,” they added. “Since our first decryptor, in aggregate, we have already helped nearly 10,000 victims save more than $5 million dollars in decryption fees.”
However, Bitdefender researchers said the celebration of the new decryption tool will be short-lived, and they’ll continue to work on the virus, “as GandCrab operators will no doubt change tactics and techniques.”
It’s also important to note that security researchers, law enforcement, and other stakeholders warn against paying ransoms. Instead, affected organizations should back up encrypted data and contact law enforcement. The free decryption tool can be found through Bitdefender.