Anti-ransomware decryption tool, developed with Bulgarian assistance, released on October 25

As of October 25, victims of the GandCrab ransomware can recover their files without giving into the demands of the criminals thanks to a new decryption tool released for free on, European police agency Europol said.

This data recovery kit was developed by the Romanian Police in collaboration with its counterparts from Bulgaria, France, Hungary, Italy, Poland, the Netherlands, United Kingdom and United States, together with the security company Bitdefender and Europol.

“It is the most comprehensive decryption tool available to date for this particular ransomware family: it works for all but two existing versions of the malware (v.1,4 and 5), regardless of the victim’s geographical location,” Europol said.

This tool is released a week after the criminal group behind GandCrab made public decryption keys allowing only a limited pool of victims located in Syria to recover their files.

GandCrab is one of the most aggressive malware attacks in recent months, infecting nearly half a million victims since it was first detected in January 2018.

Once GandCrab takes over a victim’s computer and encrypts its files, it demands a ransom ranging from $300 to $6000. The ransom must be paid through virtual currencies known to make online transactions less traceable, such as DASH and Bitcoin.

In February 2018, a first decryption tool was made available on No More Ransom by the Romanian Police, with the support of the internet security company Bitdefender and Europol. A second version of the GandCrab ransomware was subsequently released by the criminals, this time with an improved coding which included comments to provoke law enforcement, security companies and No More Ransom. A third version followed a day later.

Now in its fifth version, this file-locking malware continues to be updated at an aggressive pace. Its developers are constantly releasing new versions of it, with new, more sophisticated samples being made available to bypass cybersecurity vendors’ countermeasures, Europol said.

The rapid spread of GandCrab has been helped along by a ransomware-as-a-service scheme, which offers on the dark web to wannabee criminals with little to no technical expertise a toolkit for launching quick and easy malware attacks, in exchange for a 30 per cent cut from each ransom payment.

In order to further maximise the profits, the GandCrab developers are also partnering up with other services in the cybercrime supply chain, enabling different criminal groups to practice their core competencies while working together to earn more illicit profits than they would be able to gather working individually.

Victims who have fallen to this ransomware should visit where this new decryption tool is available for free.

Europol said that the best cure against ransomware remains diligent prevention. Users are strongly advised to:

  • Always keep a copy of their most important files somewhere else: in the cloud, on another drive, on a memory stick, or on another computer.

  • Use reliable and up-to-date anti-virus software.

  • Not download programs from suspicious sources

  • Not open attachments in e-mails from unknown senders, even if they look important and credible

And if you are a victim, don’t pay the ransom!(Photo: jainapoorv/



The Sofia Globe staff

The Sofia Globe - the Sofia-based fully independent English-language news and features website, covering Bulgaria, the Balkans and the EU. Sign up to subscribe to's daily bulletin through the form on our homepage.