Since then, reputable companies such as Bitdefender, Kaspersky, Avast, Check Point, ESET, Trend Micro and others have jointly contributed threat intelligence and tools to fight ransomware.
The list of decryption tools is impressive. Its clear message is, “Do not pay the ransom. By sending your money to cyber criminals you’ll only confirm that ransomware works. There’s no guarantee you’ll get the decryption key you need in return.”
Enter GandCrab – one of the most prolific ransomware families to date
Bitdefender’s updated GandCrab decryption tool allows victims to regain access to their data without paying a ransom to cybercriminals. In addition to versions 1, 4 and early builds of version 5, the new tool now handles the latest infections, versions 5.0.4 through 5.1.
The previous tool had over 400,000 downloads, and the 10,000 victims it helped saved more than US$5 million in decryption fees. Since GandCrab first appeared in January 2018, its operators are estimated to have taken in hundreds of millions of dollars.
Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, said,
“Ransomware operators will continue offering new and more dangerous versions of GandCrab. Our ongoing commitment is to help users regain control of their digital lives and deny profits to attackers. Collaboration between major cyber-security solution providers and law enforcement agencies has made this breakthrough possible, and tens of thousands of victims can now decrypt their data at no cost.”
Prevention is better than curing a case of GandCrab
You are the weak link – as the old joke goes, the most dangerous part of a car is the nut that holds the wheel.
Malware usually enters a system via a cleverly socially engineered phishing email that gets you to click a link to a booby-trapped website (a drive-by infection), open a malicious attachment, or enter your credentials in a legitimate-looking web form.
Keep the operating system fully patched so attackers cannot exploit known OS or hardware flaws to get a foothold.
Keep your other software up to date too – frequently exploited components such as Adobe Flash, Microsoft Office and Java in particular.
Use a paid anti-virus/anti-malware product with behaviour-based (heuristic) detection, so it can block a process doing something it should not rather than relying on signatures alone. It must also flag poisoned websites and phishing emails.
Back up your data files (not OS files) regularly to a removable USB device or to the cloud. If these are not mapped as network shares the malware should not see them, but note that ransomware will happily encrypt any writable drive letter it can find, removable drives included: unplug the USB device as soon as the backup finishes and keep it disconnected, and prefer a cloud service that keeps file version history so an encrypted copy synced by the malware can be rolled back.
Enable ‘Show file extensions’ in Windows Explorer (that is, untick ‘Hide extensions for known file types’). This makes it easier to spot malicious attachments such as ‘.exe’, ‘.vbs’ and ‘.scr’ files. Scammers often use nested extensions to disguise a malicious file as a video, photo or document (for example hot-chics.avi.exe or hot-chics.doc.scr): with extensions hidden, Windows shows only hot-chics.avi, which looks like a harmless video.
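The following script is an added example (not code from the original article or from Bitdefender) that shows the nested-extension trick from the other side: it reconstructs what Explorer would display with extensions hidden, and flags attachment names whose real, final extension is executable. The extension lists, the assumption that Explorer treats every extension in those lists as a “known file type”, and the sample names are the author’s own; a real mail filter would use a much longer list.

```python
"""Flag attachment names that use the tricks described in the tip above:
executable extensions, and nested ("double") extensions that disguise an
executable as a document, image or video.

Added example, not part of the original article. The extension lists and
sample file names below are constructed by the author for illustration.
"""

import os
from typing import List, Optional

# Extensions Windows runs (directly or via a script host) on double-click.
# Assumption: illustrative, not exhaustive.
EXECUTABLE_EXTS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".ps1", ".hta", ".msi", ".jar", ".lnk",
}

# Extensions a user expects to be harmless media or documents.
BENIGN_EXTS = {
    ".avi", ".mp4", ".mov", ".jpg", ".jpeg", ".png", ".gif",
    ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt",
}

# Assumption: treat both lists as Explorer's "known file types".
KNOWN_EXTS = EXECUTABLE_EXTS | BENIGN_EXTS


def split_extensions(name: str) -> List[str]:
    """Return every extension in the file name, lower-cased, in order.

    'hot-chics.avi.exe' -> ['.avi', '.exe'].  Whitespace around an
    extension is stripped because 'invoice.pdf .exe' is a related
    padding trick that pushes the real extension out of view.
    """
    base = os.path.basename(name.strip())
    exts: List[str] = []
    while True:
        stem, ext = os.path.splitext(base)
        if not ext or not stem:          # no more dots, or a dotfile
            break
        exts.insert(0, ext.lower().strip())
        base = stem
    return exts


def displayed_name(name: str, hide_known: bool = True) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on.

    Only the final extension is hidden, so 'hot-chics.avi.exe' is shown
    as 'hot-chics.avi' and looks like a video.
    """
    if not hide_known:
        return name
    stem, ext = os.path.splitext(name)
    if stem and ext.lower() in KNOWN_EXTS:
        return stem
    return name


def classify_attachment(name: str) -> Optional[str]:
    """Return a reason string if the name looks malicious, else None.

    Only the final extension decides what Windows executes; an earlier
    benign-looking extension is the disguise.
    """
    exts = split_extensions(name)
    if not exts:
        return None
    last = exts[-1]
    if last not in EXECUTABLE_EXTS:
        return None
    if len(exts) > 1 and exts[-2] in BENIGN_EXTS:
        return f"nested extension: {exts[-2]} disguises {last}"
    return f"executable attachment: {last}"


if __name__ == "__main__":
    # Constructed sample attachment names, including the two from the tip.
    samples = [
        "hot-chics.avi.exe", "hot-chics.doc.scr", "invoice.pdf .exe",
        "setup.EXE", "holiday.jpg", "backup.tar.gz",
    ]
    for n in samples:
        print(f"{n!r:24} shown as {displayed_name(n)!r:20} -> "
              f"{classify_attachment(n) or 'looks ordinary'}")
```

The check deliberately ignores everything but the last extension when deciding whether a file will execute; the earlier extension is only used to describe the disguise. Run it on a Downloads folder listing or on the attachment names in a mail log to see how many files would have looked harmless with extensions hidden.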
Trust no one. Cybercriminals use automated tools to trawl your social networks and build a profile of you, which lets them spoof convincing messages from people and organisations you trust.
If you find a rogue process, immediately disconnect the PC from Wi-Fi or the wired network so it cannot reach shared drives or other machines, then power it off. Pulling the power plug stops the encryption mid-run, but be aware that a hard power-off also discards volatile evidence (running processes, memory contents) that an incident responder may want; on a business machine, capture that first if you can.
Restart in Safe Mode without networking: on Windows 7 and earlier, press F8 repeatedly as the machine boots; on Windows 8 and 10, hold Shift while clicking Restart and choose Troubleshoot > Advanced options > Startup Settings, or tick ‘Safe boot’ on the Boot tab of msconfig. You can then clean the system without infecting others, but remember that you cannot download anything in this mode, so you may need to fetch tools on another computer and carry them over on a USB flash drive – the old sneaker-net. Treat that flash drive as suspect afterwards and scan it before using it anywhere else.