GandCrab ransomware decrypted, but still distributed

Thanks to the selfless efforts of security researchers, victims of the GandCrab crypto-malware can now download decryption software free of charge. It is not every day that we get to announce such good news to ransomware victims: more sophisticated infections rarely turn out to have flaws significant enough to let researchers create free decryptors.

BitDefender releases the free decryptor for victims of GandCrab ransomware

BitDefender is the one applauded for creating the free decryptor for the GandCrab virus. However, they did not win this battle alone: they co-operated with the NoMoreRansom project and several law enforcement agencies. The Romanian Police and Romania’s Directorate for Investigating Organized Crime and Terrorism also played a big part in the GandCrab case. According to the organization’s statements, they have arrested potential creators of this ransomware virus, but provided very little information about the suspects’ nationality or age. It is also unknown how many hackers were actually involved in this RaaS.

Decryptor for GandCrab virus

While the decryptor is still not perfect, it is very good news for victims. Some of them have reported issues with the software, but researchers have stressed that this is only the first version of the decryptor. Later on, BitDefender might release a tool that decrypts users’ files without any issues. This might have seemed like the end for GandCrab, but the hackers proved to be more persistent than expected.

GandCrab crypto-virus is still being spread through the fake “The HoeflerText font wasn’t found” pop-up

You would think that there is no point in continuing to distribute a ransomware virus that has already been decrypted. However, the crooks have a different idea. Security researchers have discovered that the “The HoeflerText font wasn’t found” pop-up is now distributing GandCrab ransomware. This is not the first time font-related messages have spread crypto-malware: similar strategies were used to transmit the Locky virus.

The fake font message does not only spread the GandCrab crypto-virus: it also delivers the NetSupport Manager Remote Access Utility. This means that the hackers are trying to get remote access to your computer. Users from different locations are infected with different payloads: some receive the GandCrab virus, while others get NetSupport Manager. It is unknown how the hackers make the distinction.

Since the ransomware virus is already decryptable, it is more dangerous to receive the remote access utility. After the obfuscated scripts have run successfully, cyber criminals will be able to get remote access to the operating system. It is unknown why the hackers are doing this: they might be aiming to spy on users or to infect them with other viruses.

Long story short, affiliates of GandCrab ransomware are still not giving up. If you encounter the rogue font message in your browser, please close the program. Of course, the worst thing you could do after encountering this message is to download the offered font.


2 responses to “GandCrab ransomware decrypted, but still distributed”

  1. Is it true that .CRAB files can be decrypted?
    What do I have to do to decrypt my infected files?
    Please give me an answer!
