FBI released the key decryption key for GandCrab Ransomware
In the latest announcement, the US Federal Bureau of Investigation FBI has officially released decryption keys for blackmailing Gandcrab Ransomware versions 4, 5, 5.0.4, 5.1 and 5.2. Thus, by using these keys, any individual or organization can create and publish their own GandCrab decoder.
- Shade ransomware, the nightmare of 5 years ago is showing signs of returning
Gandcrab Ransomware
- GandCrab stopped working
- The FBI key allows anyone to create a GandCrab decoder
- The main decoding keys of GandCrab
GandCrab stopped working
After nearly a year and a half 'storming', June 1, 2019, the people behind GandCrab ransomware claimed that the malware stopped working and at the same time urged the malicious 'branches' of I stopped distributing this extortion code.
However, they have promptly collected over $ 2 billion from this malicious code. The huge amount of money is mainly collected through ransom payments of victims, of which GandCrab earns more than $ 2.5 million per week on average. More specifically, $ 150 million of them has been cashed and successfully "laundered" through investing in legitimate business projects.
- Ryuk Ransomware added "selective" encryption capabilities.
GandCrab notices and the amount of money earned
2 weeks after GandCrab announced its shutdown, security companies NoMoreRansom and Bitdefender teamed up with Europol, the FBI, as well as many other law enforcement agencies to research and release a dedicated decoder. for user files encrypted by GandCrab versions 1, 4 and 5 to 5.2.
Although Bitdefender is not clear about how they have gained access to these keys, observers say it is more likely that the security organization has access to servers only. Commander and control (C2 server) of GandCrab to download the key.
- New Android Trojans lead users to phishing websites by notification on the application
The FBI key allows anyone to create a GandCrab decoder
In the newly released "FBI Flash Alert" a few days ago, the three key decoding keys for malicious code from GandCrab were released to members of the FBI InfraGard program. Notices are issued by the FBI through InfraGard, categorized by the Traffic Light Protocol (the 'traffic signal' protocol, specifying how to share information). This notice is titled: "Master Decryption Keys for GandCrab, versions 4 through 5.2" (roughly translated: Main decoding keys for GandCrab, version 4 to 5.2), has been released as a TLP message: White, means that information can be publicly disclosed, without limitation.
- New ransomware detection not only encrypts files but also helps 'clean up' the system
New FBI announcement with TLP: White
In addition to accompanying key decoding keys, the FBI's notice also explains in detail how GandCrab RaaS and related statistics are, in particular, as follows:
"Beginning June 17, 2019, the FBI collaborated with law enforcement agencies from 8 European countries, as well as Europol and BitDefender, then released a decoding tool that could be applied. It can be used for all versions of ransomware GandCrab.You can find this decoding tool at www.nomoreransom.org, the collaborative efforts later helped identify additional key decoding keys for all new versions of GandCrab, introduced since July 2018. The FBI is releasing key keys to facilitate the development of additional decoding tools in the future.
Basically, GandCrab works using the ransomware-as-a-service (RaaS) model, earning profits by selling malware distribution rights to branches spreading malicious code globally to exchange take about 40% of the ransom. GandCrab was first discovered in January 2018 when the malware successfully infected in the system of several Korean businesses. Since then, GandCrab dispersal campaigns have been deployed very vigorously, helping this extortion code to rapidly expand its reach and presence globally, affecting at least eight areas Important infrastructure in the United States. Shortly thereafter, GandCrab quickly rose to become the world's most dangerous blackmail-based extortion software, and is believed to hold 50% of the global ransomware market share in the middle of 2018. According to estimates by experts, GandCrab infects more than 500,000 victims worldwide, causing damage in excess of $ 300 million. "
- Cr1ptT0r Ransomware spreads on D-Link NAS devices, targeting embedded systems
The main decoding keys of GandCrab
Below are the key decoding keys for versions GandCrab 4, 5, 5.0.4, 5.1 and 5.2.
To use the decryption key properly, you will need to familiarize yourself as well as learn the encryption methods used by different versions of GandCrab.
Key decodes for copies of GandCrab 4 and 5
BwIAAACkAABSU0EyAAgAAAEAAQC77wJGC16Mco6goDGulTOC1meJMrLtkqgWCrwowU0+AKPcSEc96ZrBMa5BxegicGp/dZiPxuvuZZsbltNNqj91C6V153HNiKB34MsvM6INq+TjQII/2ZVQpJJWqndhBXXyJYHaob4wp8vaK6OehasDjbvT8LuccZrUmM/GwqhihDKFTBss/+TY2eUquxgGCGr02NGNAONB/OfFICXS3Uf/JwkfbTRsigrrqxNICfYkJJiEIt3BoRxgYwZx7gBKIbofr0wD0sc/umQ5NbRECxdftSyMTrLmYbIjIU2t+9Qdlkuh/H+/mHi703Lx40YfA0wFGJbBR8CgbxcHERArLdTIeb+0g3U9aGAzu6R6yFJmLub6RDJKrgarWp++KR09uKbAygsQOKRSJ7phrAo7DoaPeq+6iZ1KUjOBdGveYSaltFOlSEeOqNcBCKXf8gbd1UXc8+Cty/0eVSwIY+LwWzmBdVD7XH42LBO9j2/irryjHQ2WLZGI5I854JlxCeDjgO7TV++RUzxdADB8ewANZih+yepnGK7SwrYl3aS3HZJ6U6G706Ix+C5JUG74jgeGFgEVRwUvibrV5IwpYetucmJHVvOWcFxwoy5/n1JmVN2y0Gqo4HDg9unsiq9nEJt/ujJNM8qzxJu2Zt5iFyEgkAw3FlB3mNpQ4Pe1hKsc+8CP1/ERhOCMHVewbW6Clh7MeL07qcODfNU/j5Ott4pFliGm1R1d3FA8OXFTwXHjYEIRBwbBAe5WXe3KeNJMxL5ANZtUJz6C50g3zXI6lfmOJXBimFnSnXEGdOMyqB62tpFkzdw1QhzaV8sfEiMhU/TG1RATJGyCEWMVsXhhTm2HaepNq+30KrO24G3fIB8E9FbMyNlLMj+eEFSkpf/FAY7zPJ+xi02uJZSHgHAY+qhFpA3F8uNnCPhUMPaeOgU55OhyUUcvgUHy4+nun3ajvJQItUYREhO6U7C2Z/DlLgrKslcmLMwuGVDa0kq92mnspwHXlZiSSbTWQQkaOQSJ1trCSbnemNtDUWaAhW6jEQVbn8NVd3vJ4FKezgoIvAXhwKcpPbUvjj2EuL3fOElltB+wwu57V/45jZMSHvsWfi+vB2B42XIiU0y0lrb8oFFFLByBNCbiqfmkID9rm6TYM4zcf51izQr+F2zEy31G2WgpcZp8jDvKyqNihZVvfeis7HFt4mG6dXTL5r2ATVRrMsaJJEk7svJv5M802hlFvg5lEApKDdL6URubHc7iqcjA//xjjd6eCPSrEMswPP6TN2j9CBAvW4Qo64/c+9js22PV78ushOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO/7BSGXDNbvVz4kV/hCOB3YsqwU2IF4/ME3ERDhM62zrNZeAyUf66BC6LGizxx/gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO+3WSKjbq9nUXR+cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f+b8HEok5lwKoO8cU6O+3ecdsaM=
Key decoding for version of GandCrab 5.0.4 - 5.1
BwIAAACkAABSU0EyAAgAAAEAAQCPuVnJ9eIt7iW/ocAMfJrrTaSnrcIfGmFHmkciEOpvDXFx+KSjXOwgWWVPn8Cs/1RoQYLESNw2rLGjAxxg42/GTC8QTYU8n50I3JokQVIWjrhEoL5czMBkMJTo/MQjO9u6F/OKShMBz5tQim1oLq8UFu3YcuGZpvdr3gfVWhQj1Yt7NceDPpr2cBZvP6nxEi9b2V8PLp1q8CfUdYUHabTkrO9A7mkszHFTqtzp7pwUmO4KvHGJU8nWkjqbmyy/Pgdt6w1xrLy8oacfrVxA2nTamY1l+HQSNv/g17sgjJs9w624rFaxGPuystJHddPMzKGx4tv4KR2RvNGV2wxm4OGhL1XfrBAyeAJa6mU/TtLPV1nxRB/66g7QA8i0m5YZd49RqhBhEG0Wx1g1iMWlBsnk4fiR593JSYJQc+/hcs8bQYO66eXL62vz00zdcGBjGJJQsEikQrgAigApinO588NuwPNuOyejomwJYPHlgqKh2qfgTYHVpXNV4XN7eW8ZReShieGyX5yJYBolkJ3Za9oAravyjvOS+dklwwZcENV1SEW6T2sI9PKe7sOzfCLR62gDHEWjAcsUVCacId4JEegVK9H6pbRjTQ8V5ecUHl/RqoTZ1eLeH55tdLEbCWk1K7RQZCwpmlKvSWd+jfIW5pa9qjBISXGyghyDiZdwaTWMtdkXqA/zhTd9/1hrmA5NKx0URx1gqJPySnIAPXoSzNdpjfCacLBTbkhn0pbcXPdhpT5lqWikImK6vgRNewf9Idkoe6vTL/YzmaYOe43WvXyyajMr4JUzxXR2t0QnWQVPOyQrgYwas/PLs1vdSmsZkhD+6Ni33wnbSJrk+hwmShUogcpvyiOLBb+jFYQFwlQbD1fxLgAmJu7Y1oWEUXf//ZLB0u2JA+H6hMBwAFs1i/4VA1OBNogFft7S3Iy6S1Gva7+2Ft+VjAsugcuZLcd+Fj1Y+9ff3Zx24Vbwo+g6Ngxv2iYUTm8Ek+LXuyXn1RQcbEckI/lkNUmBT1YkTcUcpoPozbWpvVbwv17oSnuckVSZLDJHpNbsNHvEEfVhlg7BjqH15+qUWttOX2uYJyN2aOwgFt5072KsW0ZHMh0pwewPW1bNdAdrDmGSu89KxB+Hbj2IFEAWIjrnHTFhE62lHpyb/6TfIzv1eFfZUEYkwznkBqcASHHuoO7y/oERyRbmHcFg1bs1HlyRRIiwY5RC7aN7b3ZnRr7AdbjZN0jFaJTZpNC28uDH2II1TlQ8fn7YlYQbS1a2Bvbz0FBb53nrUtrazZZHxE7M3DamtqTIWezL5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4+HBu+5H/wmJfbwcfXGA9rudEivLCZcGKcx/FUwY+5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE+jLeClcMec53+6voaVTtT33TrLxBKAF+gP7EIBgzAeaGw2Jpm1R4w/ivtbe0zopLgA=
Key decoding for version of GandCrab 5.2
BwIAAACkAABSU0EyAAgAAAEAAQBtwvOCqX7rw/P9P/NqSFQEe621TAAfjoG2UUw6dgLDRWo66kSsANjkrb5Cxdy2zW9f3+vu0TusoqUfwd6My8wJ0IEd0PpJ0V1IsHE504+zpG3oL8gMS7TPr3QvTMLMdMTKH/8f2LDCjfDfak/Zzz/tzm80KJ2eOQ1jTx+0Bn+j+Y0L0KzoiVJ2KpFbC5Gy2bkjYPLqkZ6Tx4NN7y6ekWkcLTMtyTgIqIchiJB4A+7xEtIkl80x5SyE4HTsyG/H9jIKQuYnUetZREYIagscrJtfYLjeiZCzwdlqb0KjA7Vi9BY5jci5bEjrGKBOeVBeL1atKOqFldgB7Wxs4SkGw4Lb0xCs0WVMJJBWFJYlMNqSbATwmKdrYhpm4IPAISa3EhfKQjHB9vNKRyPm+9zCmw/Nz1gDBlYxGeR9Gwvd/ZnzVa7OKSaoOdTOuPEQkYTFPJ2L5s2Qv7UyK3OzS5Va3er+20DB2NWm/FeVzXLwdhwEI8rM+rqlummMBWUJwPN1QP2/14ZRjaKFZFPByYhDVlSVDRSReXZ0xhjz9ZgWGNJCA94N8lVbUbZ2NHTr7xGY9movIl1+zdfFXvTv+Km72m+xkHSHe/IRr2DrLMRGtTDjwrtaFwdNgDNhNRABTlsTc1sSn3pE7owK/8HMvQG8K3YffEWNG9IeDoDSFCgiWZHk3bczBZAB9QqTI3zF3sx/lSQ0rMAKBsSVDW1mJs6VN5hc5oS78LQNKPmiZGqcD2ZtQOvNWQvZ/bX5RCCco3x7kg792SAsX0TI7IS+YunreAB7xkpbs0fhAWJNzNKRkRu2IWOtL7ePedmGoiH4jrrjkh26rMCvfbM/G/w4J4dUhSXlU2EdnoT6QU0OWlSnCww/lbvkylpdd6j5kYH6TnVEzYbghOwcehcjtAoWECH9r4vF9prRVfYXypu/qbIljpCNmRsmraYDkX+0udTR9ILTKrZri4xVeDWbT0BpllQzChCd6KUrv526JZuYemlVxS/6+/mOLUP5RI6nUWi/oSlS8mQgwYx0a2Kfk1HGMIjrGO2EQkty7LiFMf9E1ynqLaD4Uz+xzahY3UwPP9DdqkMxZ3eFebdU+uxUd0wGqXFZRCXfWgEIJe5z43TXY3fSPXQN5K4YSU+5QRQ7pH+MXpk8gw/dKt4v7+eyMGqxlLtuid2uovYbQu+8lgda2ff2j0RRLu0b+VuoWkweUSxoNIHaXhcnsLs432eA2w8txYFI1+uUKK1ecv1bolkvkai2ip53KVmW97g5+fZTXgNEPR7vdLeViYulD4RZINvZmQLgZQvPbS+cwMJKgE7YnRQQTr9BUb+139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q+PpSCpu/l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby/DN9cBOBuEQMMiSnljQ7sf6QBaSJa/vgvy77VyiM8kJxKBjXOrUlGz+4Li8eUdmYT6W8Dcutj5JmMA=
Say goodbye to GandCrab!
You should read it
- The official GandCrab 5.2 decoder was released, ending a bad nightmare called GandCrab Ransomeware
- GandCrab blackmail extinguished after earning $ 2.5 billion worldwide
- Warning: GandCrab extortionist code is attacking Vietnam
- Warning: New extortion code GandCrab is attacking Vietnamese Internet users
- Shade Ransomware stopped working, apologized to the victims, and released 750,000 decryption keys
- Warning: Detecting a campaign to spread malicious code GandCrab 5.2 into Vietnam via fake email of the Ministry of Public Security
- Shade ransomware, the nightmare of 5 years ago is showing signs of returning
- No More Ransom - the flag of the war against ransomware
- Free Lorenz ransomware decryption tool helps victims recover stolen data
- Application protection against DFA attacks
- Developer releases decryption key for Maze ransomware, Egregor
- Summary of popular network attacks today
Maybe you are interested
The official GandCrab 5.2 decoder was released, ending a bad nightmare called GandCrab Ransomeware
GandCrab blackmail extinguished after earning $ 2.5 billion worldwide
Warning: Detecting a campaign to spread malicious code GandCrab 5.2 into Vietnam via fake email of the Ministry of Public Security
Warning: New extortion code GandCrab is attacking Vietnamese Internet users
Warning: GandCrab extortionist code is attacking Vietnam