ESET releases new decryptor for Syrian victims of GandCrab ransomware
ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators.
ESET has published a new decryption tool for Syrian victims of the GandCrab ransomware. The developers of this infamous malware family released the keys on an underground forum following a tweet from a Syrian victim who had lost pictures of his deceased children to the encrypting malicious code.
In their public message, GandCrab’s operators cited “political and economic situation as well as relations with CIS countries” as the reasons for their decision. The group also emphasized that this was an exception and keys for other countries or victims would not be shared even if GandCrab operations are seized in the future.
As reported by BleepingComputer.com, the released batch only encompasses keys for Syrian victims. The malware operators also stated that it was a mistake to keep Syria on the list of targeted countries. It is unclear if this will change in any future GandCrab campaigns, as the latest variant (5.0.4) does not list languages used in Syria among the exemptions (see Figure 1).
The ESET GandCrab decryption tool is designed to decrypt the files of 979 Syrian victims, irrespective of the malware version they were affected by (1.0 to 5.0). Users can download the decryptor here. For further instructions and information, please refer to our GandCrab decryptor knowledgebase article.
This is not the first time malware authors have released keys for a prevalent ransomware family (or its variants), allowing cybersecurity companies to create decryptors. Previously, ESET has released such tools for TeslaCrypt, several variants of Crysis, as well as for earlier variants of the AESNI ransomware.
Prevention is essential in keeping users safe from this long-known threat. We recommend that all users keep their operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).
Businesses are advised to: