HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Free Decryptor for GandCrab Ransomware v5.1 Released

A free decryptor for GandCrab ransomware has been released that allows victims to recover files encrypted by versions 5.0.4 to 5.1 of the ransomware. Previous decryptors have only worked on versions 1, 4, and some of the early version 5 variants.

The new GandCrab ransomware decryptor was developed by the Romanian police with assistance provided by Bitdefender, Europol, and law enforcement agencies in Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada and the United States.

GandCrab ransomware was first used in attacks in January 2018. The first version of the ransomware was somewhat crude and a free decryptor was rapidly developed and released in February. Later variants were more advanced and more adept at evading detection; however, in October, a second GandCrab ransomware decryptor was released that worked on version 4 of the ransomware.

According to Europol, those decryptors have been downloaded more than 400,000 times and have allowed around 10,000 users to decrypt their files free of charge.

To date, GandCrab ransomware has been used in more than 500,000 attacks, including several on U.S. healthcare providers. Ransom demands vary but are typically in the range of $300 to $6,000, depending on the extent of the attack and the number of devices that have been encrypted.

GandCrab ransomware was the biggest ransomware threat in 2018 and is now the most widely used ransomware variant. Part of its success is due to regular updates. When decryptors are developed, new versions are rapidly released. The threat actors behind the ransomware are also rather adept at marketing the ransomware and recruiting affiliates to run ransomware campaigns. GandCrab now dominates the ransomware-as-a-service market.

Multiple threat actors are using the ransomware and various methods are used to infect end users. Spam email campaigns are common, although recently the ransomware has been installed using stolen RDP credentials and through exploitation of vulnerabilities in software and operating systems. Managed service providers (MSPs) have also been targeted and privileged access to clients’ systems has been abused to download the ransomware onto clients’ workstations.

The latest free decryptor for GandCrab ransomware is certainly good news and will help healthcare providers recover files without having to pay the ransom demand. However, version 5.2 of the ransomware is expected to be released soon. The latest decryptor will not work on the new version.

“If you have a security solution, make sure it is up-to-date and has layered defenses against ransomware. The better it is at detection, the lower your chances of infection. Also make sure you are running the latest version of your OS and third-party software,” wrote Bitdefender. “If you don’t have a security solution, get one now. It helps a lot, and it’s way less expensive than a $600 ransom payment.”

The free decryptor for GandCrab ransomware works for versions 1, 4, and most version 5 variants, and can be downloaded from the No More Ransom website.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.