Options still remain for GandCrab’s SMB & MSP victims


Master decryption keys for the GandCrab ransomware are out

GandCrab is a ransomware family that has been among the most highly detected since its arrival at the beginning of 2018, nearly reaching the same detection levels as WannaCry in certain regions of the world. One of the biggest hits for GandCrab was the more recent exploitation of a vulnerability in a remote monitoring and management (RMM) plug-in popular among managed service providers (MSPs).

Fortunately, the FBI has recently published master keys for versions 4, 5, 5.0.4, 5.1 and 5.2 of this ransomware. These master keys can be used to develop decryption tools that allow victims to recover documents encrypted by the ransomware attack.

The developers of GandCrab had been operating a ransomware-as-a-service (RaaS) business model, in which evildoing partners could deploy the ransomware and divide their gains with their masters. In early June 2019, GandCrab’s architects announced that they would halt their operations. The malicious operators also warned victims in their communications that encrypted documents would no longer be recoverable, since the decryption keys would be destroyed as well.

Luckily for victims, the FBI, in cooperation with European law enforcement agencies, recently published a decryption tool for all versions of the ransomware. Find the FBI’s Flash Alert communication here.

It’s not every day that decryption keys for the latest ransomware can be found. Businesses would do well to protect against a ransomware attack happening in the first place.

ESET has been sharing its detections of all variants of GandCrab since the start of the ransomware’s appearance in January 2018.

We strongly recommend that all businesses take proactive steps and use a reliable security solution with robust ransomware shield protection to guard their endpoints against the latest threats.

Held for ransom?

Ransomware is a prolific problem, and in many cases decryption keys are not available. Regardless, it always pays to take steps to ensure business continuity. So, in addition to ransomware protection, set up processes and technology for backing up your data.

If that fails and you get infected, thoroughly and regularly monitor for decryption keys for the ransomware that has impacted your systems. One easy step is to set up a Google Alert for “decryption keys for [ransomware in question]”.

Because ransomware is one of the most prevalent threats facing businesses, it is a good idea to follow both this topic and the practices used to mitigate the related issues.

Businesses can check out ESET’s business offering here.