Got Ransomware? FBI Says, “Don’t Pay It. Decrypt it.” | Ron Benvenisti

On June 17, the FBI, in partnership with law enforcement agencies from 8 European countries, as well as Europol and BitDefender, released a decryption tool applicable to all versions of GandCrab ransomware.

GandCrab is the Grand Central Marketplace for ransomware as it operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute malware to affiliates in exchange for 40% of the ransoms.

GandCrab has targeted US victims in at least 8 critical infrastructure sectors. GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.

The FBI is releasing the master keys in order to facilitate the development of additional decryption tools.

The decryption tool can be found at The collaborative efforts further identified the master decryption keys for all new versions of GandCrab introduced since July 2018. The FBI has just released the master keys in order to facilitate the development of additional decryption tools.

Decryption tools for all of the following ransomware are also downloadable at

777 Ransom

AES_NI Ransom

Agent.iih Ransom

Alcatraz Ransom

Alpha Ransom

Amnesia Ransom

Amnesia2 Ransom

Annabelle Ransom

Aura Ransom

Aurora Ransom

AutoIt Ransom

AutoLocky Ransom

BTCWare Ransom

BadBlock Ransom

BarRax Ransom

Bart Ransom

BigBobRoss Ransom

Bitcryptor Ransom

CERBER V1 Ransom

Chimera Ransom

Coinvault Ransom

Cry128 Ransom

Cry9 Ransom

CrySIS Ransom

Cryakl Ransom

Crybola Ransom

Crypt888 Ransom

CryptON Ransom

CryptXXX V1 Ransom

CryptXXX V2 Ransom

CryptXXX V3 Ransom

CryptXXX V4 Ransom

CryptXXX V5 Ransom

CryptoMix Ransom

Cryptokluchen Ransom

DXXD Ransom

Damage Ransom

Democry Ransom

Derialock Ransom

Dharma Ransom

EncrypTile Ransom

Everbe 1.0 Ransom

FenixLocker Ransom

FilesLocker v1 and v2 Ransom

Fury Ransom

GandCrab (V1, V4 and V5 up to V5.2 versions) Ransom

GetCrypt Ransom

Globe Ransom

Globe/Purge Ransom

Globe2 Ransom

Globe3 Ransom

GlobeImposter Ransom

Gomasom Ransom

HKCrypt Ransom

HiddenTear Ransom

InsaneCrypt Ransom

JSWorm 2.0 Ransom

Jaff Ransom

Jigsaw Ransom


LambdaLocker Ransom

Lamer Ransom

Linux.Encoder.1 Ransom

Linux.Encoder.3 Ransom

Lortok Ransom

MacRansom Ransom

Marlboro Ransom

Marsjoke aka Polyglot Ransom

MegaLocker Ransom

Merry X-Mas Ransom

MirCop Ransom

Mole Ransom

Nemucod Ransom

NemucodAES Ransom

Nmoreira Ransom

Noobcrypt Ransom

Ozozalocker Ransom

PHP ransomware Ransom

Pewcrypt Ransom

Philadelphia Ransom

Planetary Ransom

Pletor Ransom

Popcorn Ransom

Pylocky Ransom

Rakhni Ransom

Rannoh Ransom

Rotor Ransom

SNSLocker Ransom

Shade Ransom

Simplocker Ransom

Stampado Ransom

Teamxrat/Xpan Ransom

TeslaCrypt V1 Ransom

TeslaCrypt V2 Ransom

TeslaCrypt V3 Ransom

TeslaCrypt V4 Ransom

Thanatos Ransom. (Tool made by CISCO. Thanatos Decryptor is designed to decrypt files encrypted by Thanatos Ransom)

Trustezeb  Ransom

Wildfire Ransom

XData Ransom



ZQ Ransom


This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.


Comments are closed.