The FBI shared computer code Monday designed to counter a prolific and lucrative type of ransomware virus claiming victims in the U.S. and abroad.
A flash bulletin issued by the FBI’s Cyber Watch office included the master decryption keys needed to unlock computers infected with versions of ransomware known as GandCrab.
GandCrab functions like most ransomware strains by encrypting the contents of an infected computer and then holding that data hostage in exchange for a ransom paid in cryptocurrency. It has infected upwards of 500,000 victims worldwide since the start of 2018, in turn causing losses exceeding $300 million, the FBI said in the bulletin.
Described by the FBI as operating on a “ransomware-as-a-service” business model, GandCrab is licensed to affiliates who keep 60% of the ransoms paid. The remaining 40% is retained by the malware’s developers, reportedly earning millions of dollars annually for the cybercriminals selling access.
The FBI’s alert contained master decryption keys capable of unlocking computers infected with newer versions of GandCrab, effectively providing potential victims with the tools necessary to recover without paying the ransom.
“This data is provided to help cyber security professionals and system administrators guard against the persistent malicious actions of cyber criminals,” the bulletin said.
The alert was shared with partners of the bureau’s InfraGard program and first reported by the Bleeping Computer tech site.
The FBI said its tools were developed in partnership with law enforcement agencies from eight European countries and Europol, in addition to Bitdefender, a Romania-based cybersecurity firm. The same coalition released a decryption tool designed for earlier versions of GandCrab last month, albeit in the aftermath of the malware’s operators announcing an end to their affiliate program.
In a message board posting announcing the end of their affiliate program, an internet account associated with GandCrab said the malware generated more than $2 billion total in ransom payments and earned its developers a weekly income of around $2.5 million.
• Andrew Blake can be reached at ablake@washingtontimes.com.