UPDATE – July 16, 11:16 P.M.: This story has been updated to reflect the fact that the FBI has released master decryption keys for the GandCrab ransomware.
If your personal device or systems belonging to your corporation or friends were infected with the GandCrab ransomware, then you will be able to recover your encrypted files back safely for free utilizing a recently updated decryptor released by Bitdefender.
Note that the decryptor will work with versions 1 and 4, including the latest versions 5 to 5.2 which are deployed by cybercriminals.
The No More Ransom website is an initiative created by law enforcement agencies and American computer security software company McAfee to assist victims of ransomware in recovering their encrypted data without paying ransom demands.
2. Click the “Download” button under “
The official download URL for the decryptor is http://download.bitdefender.com/am/malware_removal/BDGandCrabDecryptTool.exe.
Before proceeding further in this tutorial, ensure that you have and maintain an active internet connection as this tool requires it.
3. Double-click the downloaded file and permit it to run on your computer by clicking “Yes” in the User Access Control (UAC) prompt.
4. After you have double-clicked on the tool, you should proceed by accepting the license agreement that shows up.
The decryption tool will open a window that tells you that the system has to be connected for the internet to work. The reason is that the tool will need to connect to the Bitdefender servers which will respond to the submitted ID with a potential valid RSA-2048 private key.
5. Tick the box “Scan entire system” if you wish to search for every encrypted file to decrypt the entire system.
Note that you also have the option to decrypt a particular folder by browsing to the path or you can tick the box “Scan entire system” to decrypt the entire system.
Before initiating the decryption process, we highly recommend that you also tick the box “Backup files”.
You may also select the “Overwrite existing clean files” option under the “Bitdefender advanced options” section which will allow the software to overwrite potential present clean files with their decrypted equivalent.
6. To start the decryption process, click on the “START TOOL” button.
Wait patiently as the software begins the decryption process.
After the tool starts the decryption process, the program will attempt to search for a ransom note to recover particular information which will be uploaded to Bitdefender servers.
The ransom note is needed to recover the decryption key. Hence, ensure you have not run any clean-up tools which would detect and delete the ransom note before running this tool.
After a decryption key is recovered and loaded, the program will begin to decrypt the files on your system. You may follow its progress by utilizing the scroll bar found within the software’s window.
After the decryption process has ended, the decryptor tool will notify you that it has finished its job and notify you if there are any problems.
if you selected the backup option earlier, you would be able to see both the encrypted and decrypted files on your computer.
If you want to remove your encrypted files, simply search for files matching the extension and delete them bulk. You should only do this after double checking that your files may be opened safely and there are no indications of damage.
You may locate a log illustrating the decryption process in the “%temp%\BDRemovalTool” folder.
If there are any problems, you may click on the log file link in the software’s window which will automatically open the “%Temp%\BDRansomDecryptor\BDRansomDecryptor\BitdefenderLog.txt” log file. This log file includes an overview of the decrypted files and any that could not be decrypted successfully.
We can see that the software successfully decrypted every file, except for ten files. It is fine since the files were distinct application files that may be easily reconstructed by merely reinstalling the application.
FBI Releases Master Decryption Keys For The GandCrab Ransomware
The FBI has released the master decryption keys for the GandCrab ransomware versions 4 through 5.2 (4, 5, 5.0.4, 5.1, and 5.2.) to the public via a flash alert. With these keys, any victimized individuals or companies may produce and release their own GandCrab decryption tool.