Syrian victims of the GandCrab ransomware can decrypt their files for free

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum.

The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum.

The crooks decided to release the decryption keys after a Syrian Twitter user published a harrowing message asking for help after photos of his deceased children were encrypted by the ransomware.

The SY_keys.txt file includes a list of 978 decryption keys for Syrian victims whose systems have been infected with GandCrab version 1.0 through 5.0.

Syrian victims that are not included in the file could receive the decryption keys by providing the GandCrab developers a picture of themselves, their passport, and their payment page. Providing crooks pictures of their passport is very risky, this kind of documents could be resold by the crooks or used by them for identity thefts.

Experts believe that security firms will develop a decryption tool based on the released encryption keys.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – GandCrab ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]