The malware was distributed via a highly successful affiliate nework that saw it at one point accounting for half of all ransomware infections
Security researchers have released what they say is likely to be the last decryption tool for the widespread GandCrab ransomware, after the developers of the attack code said they planned to retire.
GandCrab was first released in January of last year and has grown to become the most common strain of ransomware globally, at one point accounting for some 50 percent of all infections, said security firm Bitdefender.
It is thought to have infected more than 1.5 million Windows systems since launch.
The tool’s spread was helped along by an affiliate model that allowed criminals to buy ready-made kits in exchange for returning 40 percent of their takings to the developers.
“This fostered a diverse distribution system,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, said in an advisory. “Some affiliates would spam out their payloads, while others would infect victims through, for instance, exploit kits or remote access to enterprise computers.”
Earlier this month it was reported that the GandCrab developers plan to retire, after having earned millions from their efforts and, they claimed on a hacking forum, investing it in legitimate businesses.
The developers have barred affiliates from new versions of the software and said they plan to shut the network down soon, deleting all decryption keys.
The move means attackers would be unable to decrypt targets’ files, even if they were paid to do so.
Bitdefender has, however, released a new version of its free decryptor tool that covers the latest versions of GandCrab, up to version 5.2, likely to be the final release, as well as all older versions.
The company has released several versions of the tool, which has been developed and made available in cooperation with Europol, the FBI, the UK’s National Crime Agency and Metropolitan Police, as well as other crime agencies and police forces.
The tools have decrypted more than 30,000 systems and saved targets more than $50 million (£40m) in unpaid ransoms.
The tool can be downloaded immediately from Bitdefender or from the No More Ransom project.
Bitdefender said organisations can defend themselves by keeping software up to date and maintaining regular backups.