28th February, 2018 By Tomas Meskauskas PCrisk
Summary - GANDCRAB is another ransomware-type virus distributed using RigEK toolkit. Once infiltrated, encrypts most stored data and adds the ".GDCB" extension to the name of each compromised file. From this point, files become unusable. Immediately after encryption, GANDCRAB generates a "GDCB-DECRYPT.txt" file and places a copy in every existing folder.
The new text file contains information regarding the current situation and instructs victims what to do next. To decrypt data, victims must open a Tor web page and follow the instructions within. The website states that decryption requires a unique key, which is stored on a remote server controlled by GANDCRAB's developers. Unfortunately, this information is accurate. Although it is currently unknown whether GANDCRAB uses symmetric or asymmetric cryptography, in all cases, file decryption without the key is impossible. Therefore, victims are encouraged to pay 1.5 Dash (cryptocurrency), currently equivalent to ~$1130. GANDCRAB is the first ransomware so far that accepts Dash coins. Once the ransom is paid, the decryption key is supposedly released. Be aware, however, that cyber criminals cannot be trusted. The cost is high and criminals are likely to ignore victims once payment is submitted. For these reasons, you are advised never to contact these people or pay any ransoms. Unfortunately, there are no tools capable of restoring files encrypted by GANDCRAB. Therefore, the only solution is to restore everything from a backup.
Article Link - Read more
Glossary Blog Back to the Malware Manifesto