On June 17, the FBI, in partnership with law enforcement agencies from 8 European countries, as well as Europol and BitDefender, released a decryption tool applicable to all versions of GandCrab ransomware.
GandCrab is the Grand Central Marketplace for ransomware: it operates on a ransomware-as-a-service (RaaS) business model, selling affiliates the right to distribute the malware in exchange for 40% of the ransoms.
GandCrab has targeted US victims in at least 8 critical infrastructure sectors. GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.
The decryption tool can be found at www.nomoreransom.org. The collaborative efforts further identified the master decryption keys for all new versions of GandCrab introduced since July 2018. The FBI has just released the master keys in order to facilitate the development of additional decryption tools.
Decryption tools for all of the following ransomware are also downloadable at www.nomoreransom.org:
777 Ransom
AES_NI Ransom
Agent.iih Ransom
Alcatraz Ransom
Alpha Ransom
Amnesia Ransom
Amnesia2 Ransom
Annabelle Ransom
Aura Ransom
Aurora Ransom
AutoIt Ransom
AutoLocky Ransom
BTCWare Ransom
BadBlock Ransom
BarRax Ransom
Bart Ransom
BigBobRoss Ransom
Bitcryptor Ransom
CERBER V1 Ransom
Chimera Ransom
Coinvault Ransom
Cry128 Ransom
Cry9 Ransom
CrySIS Ransom
Cryakl Ransom
Crybola Ransom
Crypt888 Ransom
CryptON Ransom
CryptXXX V1 Ransom
CryptXXX V2 Ransom
CryptXXX V3 Ransom
CryptXXX V4 Ransom
CryptXXX V5 Ransom
CryptoMix Ransom
Cryptokluchen Ransom
DXXD Ransom
Damage Ransom
Democry Ransom
Derialock Ransom
Dharma Ransom
EncrypTile Ransom
Everbe 1.0 Ransom
FenixLocker Ransom
FilesLocker v1 and v2 Ransom
Fury Ransom
GandCrab (V1, V4 and V5 up to V5.2 versions) Ransom
GetCrypt Ransom
Globe Ransom
Globe/Purge Ransom
Globe2 Ransom
Globe3 Ransom
GlobeImposter Ransom
Gomasom Ransom
HKCrypt Ransom
HiddenTear Ransom
InsaneCrypt Ransom
JSWorm 2.0 Ransom
Jaff Ransom
Jigsaw Ransom
LECHIFFRE Ransom
LambdaLocker Ransom
Lamer Ransom
Linux.Encoder.1 Ransom
Linux.Encoder.3 Ransom
Lortok Ransom
MacRansom Ransom
Marlboro Ransom
Marsjoke aka Polyglot Ransom
MegaLocker Ransom
Merry X-Mas Ransom
MirCop Ransom
Mole Ransom
Nemucod Ransom
NemucodAES Ransom
Nmoreira Ransom
Noobcrypt Ransom
Ozozalocker Ransom
PHP ransomware Ransom
Pewcrypt Ransom
Philadelphia Ransom
Planetary Ransom
Pletor Ransom
Popcorn Ransom
Pylocky Ransom
Rakhni Ransom
Rannoh Ransom
Rotor Ransom
SNSLocker Ransom
Shade Ransom
Simplocker Ransom
Stampado Ransom
Teamxrat/Xpan Ransom
TeslaCrypt V1 Ransom
TeslaCrypt V2 Ransom
TeslaCrypt V3 Ransom
TeslaCrypt V4 Ransom
Thanatos Ransom. (Tool made by CISCO. Thanatos Decryptor is designed to decrypt files encrypted by Thanatos Ransom)
Trustezeb Ransom
Wildfire Ransom
XData Ransom
XORBAT Ransom
XORIST Ransom
ZQ Ransom
Thanks for posting this.
I sent it to a friend who got hacked and was asked to pay $50k…
This worked to get his files back.
Thank you very much! Worked to retrieve over 4000 docs that I had deemed irretrievable.
This is awesome
However….
ALWAYS BACKUP BACKUP BACKUP