The Federal Bureau of Investigation (FBI) has shared the master decryption keys for the GandCrab ransomware versions 4 through 5.2 (4, 5, 5.0.4, 5.1, and 5.2.)
A flash alert issued by the cyber division of the FBI contained three master decryption keys for the GandCrab ransomware capable of unlocking systems infected with more recent versions of GandCrab, efficiently supplying potential victims with the required tools to decrypt encrypted files without resorting to paying the ransom.
The release of the keys follows a June 1st announcement from the developers behind the highly notorious GandCrab ransomware that they were shutting down their illegal operation after allegedly earning more than $150 million from the approximately 18 months GandCrab was operating. That is short of more than the $2 billion in asserted earnings from the whole GandCrab network.
On June 17, Romanian cybersecurity company Bitdefender along with various law enforcement agencies (FBI, Europol, UK’s NCA, DIICOT) and NoMoreRansom collaboratively released a new free decryption tool for files encrypted by the GandCrab ransomware (Versions 1, 4, and 5 through 5.2).
It is not known how Bitdefender acquired access to the keys, though it is speculated that they could acquire access to the ransomware’s command and control (C&C) servers to download the keys.
While existing versions of GandCrab have been made less risky with the release of the master decryption keys, security professionals and law enforcement agencies are warning that new versions of malware along with unique encryption keys are presumably going to be developed in the future.