Decryption Keys for GandCrab Ransomware Released by FBI

The FBI has released the Master Decryption Keys for GandCrab versions 4,5, 5.04 -5.1 and version 5.2 to members of its Infraguard program and through a Flash Alert according to Bleeping Computer. The FBI is releasing the master keys in order to facilitate the development of additional decryption tools by third parties. Bleeping Computer’s, Lawrence Abrams, recommends that third parties refer to Fortinet’s article for a deeper understanding of the encryption algorithm used in the version 4 key…

"The following information is being provided by the FBI, with no guarantees or warranties, for potential use at the sole discretion of recipients in order to protect against cyber threats. This data is
provided to help cyber security professionals and system administrators guard against the persistent malicious actions of cyber criminals.

This FLASH has been released TLP:WHITE: Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. Master Decryption Keys for GandCrab, versions 4
through 5.2 "


“On 17 June 2019, the FBI, in partnership with law enforcement agencies from 8 European countries, as well as Europol and BitDefender, released a decryption tool applicable to all versions of
GandCrab ransomware. The decryption tool can be found at The collaborative efforts further identified the master decryption keys for all new versions of GandCrab
introduced since July 2018. The FBI is releasing the master keys in order to facilitate the development of additional decryption tools. GandCrab operates using a ransomware-as-a-service (RaaS) business
model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab
campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.”

More information at Bleeping Computer.

Featured Webinars

Advanced Phishing and

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service