The developers behind the successful GandCrab ransomware announced on 1 June 2019 that they were shutting down after supposedly raising 2 billion dollars in ransom payments and earning 150 million dollars. Two weeks later, Bitdefender published a decryptor for GandCrab versions 1, 4 and 5 to 5.2, in cooperation with Europol, the FBI, numerous law enforcement agencies, and NoMoreRansom. Although it has not been stated how Bitdefender was able to access these keys, it is commonly believed that they can access the ransomware's command and control servers in order to download the keys.

FBI lets anyone build a GandCrab decryptor

Three master decryption keys for the GandCrab ransomware were released to members of the FBI's InfraGard program in an “FBI Flash Alert” shared by BleepingComputer. The FBI's bulletins are classified under the Traffic Light Protocol (TLP), which determines how information can be shared. This alert, titled “Master Decryption Keys for GandCrab, versions 4 to 5.2,” was released as a TLP:WHITE bulletin, which means that the information can be disclosed without limitations. Along with the master decryption keys, the bulletin also explains how the GandCrab RaaS works and gives the corresponding statistics:

“GandCrab operates using a ransomware-as-a-service (RaaS) business model, selling the right to distribute the malware to affiliates in exchange for 40% of the ransoms. GandCrab was first observed in January 2018 infecting South Korean companies, but GandCrab campaigns quickly expanded globally to include US victims in early 2018, impacting at least 8 critical infrastructure sectors. As a result, GandCrab rapidly rose to become the most prominent affiliate-based ransomware, and was estimated to hold 50% of the ransomware market share by mid-2018. Experts estimate GandCrab infected over 500,000 victims worldwide, causing losses in excess of $300 million.”

The master decryption keys for GandCrab 4, 5, 5.0.4, 5.1, and 5.2 are listed here.
GandCrab v4 and 5 key
GandCrab v5.0.4 – v5.1 key
GandCrab v5.2 key
To use these keys properly, you need to understand the encryption methods GandCrab uses in its different versions. This article by Fortinet provides a good introduction to the encryption algorithm employed in version 4.