Got Ransomware? FBI Says, “Don't Pay It. Decrypt it.”

Got Ransomware? FBI Says, “Don’t Pay It. Decrypt it.” | Ron Benvenisti

On June 17, the FBI, in partnership with law enforcement agencies from 8 European countries, as well as Europol and BitDefender, released a decryption tool applicable to all versions of GandCrab ransomware.

GandCrab is the Grand Central Marketplace for ransomware as it operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute malware to affiliates in exchange for 40% of the ransoms.

GandCrab has targeted US victims in at least 8 critical infrastructure sectors. GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.

The FBI is releasing the master keys in order to facilitate the development of additional decryption tools.

The decryption tool can be found at www.nomoreransom.org. The collaborative efforts further identified the master decryption keys for all new versions of GandCrab introduced since July 2018. The FBI has just released the master keys in order to facilitate the development of additional decryption tools.

Decryption tools for all of the following ransomware are also downloadable at www.nomoreransom.org

777 Ransom

AES_NI Ransom

Agent.iih Ransom

Alcatraz Ransom

Alpha Ransom

Amnesia Ransom

Amnesia2 Ransom

Annabelle Ransom

Aura Ransom

Aurora Ransom

AutoIt Ransom

AutoLocky Ransom

BTCWare Ransom

BadBlock Ransom

BarRax Ransom

Bart Ransom

BigBobRoss Ransom

Bitcryptor Ransom

CERBER V1 Ransom

Chimera Ransom

Coinvault Ransom

Cry128 Ransom

Cry9 Ransom

CrySIS Ransom

Cryakl Ransom

Crybola Ransom

Crypt888 Ransom

CryptON Ransom

CryptXXX V1 Ransom

CryptXXX V2 Ransom

CryptXXX V3 Ransom

CryptXXX V4 Ransom

CryptXXX V5 Ransom

CryptoMix Ransom

Cryptokluchen Ransom

DXXD Ransom

Damage Ransom

Democry Ransom

Derialock Ransom

Dharma Ransom

EncrypTile Ransom

Everbe 1.0 Ransom

FenixLocker Ransom

FilesLocker v1 and v2 Ransom

Fury Ransom

GandCrab (V1, V4 and V5 up to V5.2 versions) Ransom

GetCrypt Ransom

Globe Ransom

Globe/Purge Ransom

Globe2 Ransom

Globe3 Ransom

GlobeImposter Ransom

Gomasom Ransom

HKCrypt Ransom

HiddenTear Ransom

InsaneCrypt Ransom

JSWorm 2.0 Ransom

Jaff Ransom

Jigsaw Ransom

LECHIFFRE Ransom

LambdaLocker Ransom

Lamer Ransom

Linux.Encoder.1 Ransom

Linux.Encoder.3 Ransom

Lortok Ransom

MacRansom Ransom

Marlboro Ransom

Marsjoke aka Polyglot Ransom

MegaLocker Ransom

Merry X-Mas Ransom

MirCop Ransom

Mole Ransom

Nemucod Ransom

NemucodAES Ransom

Nmoreira Ransom

Noobcrypt Ransom

Ozozalocker Ransom

PHP ransomware Ransom

Pewcrypt Ransom

Philadelphia Ransom

Planetary Ransom

Pletor Ransom

Popcorn Ransom

Pylocky Ransom

Rakhni Ransom

Rannoh Ransom

Rotor Ransom

SNSLocker Ransom

Shade Ransom

Simplocker Ransom

Stampado Ransom

Teamxrat/Xpan Ransom

TeslaCrypt V1 Ransom

TeslaCrypt V2 Ransom

TeslaCrypt V3 Ransom

TeslaCrypt V4 Ransom

Thanatos Ransom. (Tool made by CISCO. Thanatos Decryptor is designed to decrypt files encrypted by Thanatos Ransom)

Trustezeb Ransom

Wildfire Ransom

XData Ransom

XORBAT Ransom

XORIST Ransom

ZQ Ransom

3 COMMENTS

Pickle July 16, 2019 12:03 pm At 12:03 pm

Thanks for posting this.
I sent it to a friend who got hacked and was asked to pay $50k…

This worked to get his files back.
JJ July 16, 2019 3:55 pm At 3:55 pm

Thank you very much! worked to retrieve over 4000 docs that i had deemed irretrievable.
tzvi July 16, 2019 6:56 pm At 6:56 pm

This is awesome

However….

ALWAYS BACKUP BACKUP BACKUP

Comments are closed.