O FBI (Federal Bureau of Investigation) divulgou as chaves mestras de decodificação para todas as versões (4, 5, 5.0.4, 5.1 e 5.2) do ransomware Notorious GandCrab, que podem ser usadas tanto para organizações como para indivíduos.
O randomware Gandcrab foi inicialmente identificado em janeiro de 2018 e é um dos ransomwares mais sofisticados que causa bilhões de dólares em todo o mundo.
Existem 5 versões diferentes desde que o ransomware evoluiu e espalhou a infecção através de e-mails de spam maliciosos, kits de exploração, métodos de engenharia social.
Em 1º de junho, os agentes de ameaças por trás do GandCrab Ransomware divulgaram um anúncio dizendo que pararam de promover o ransomware e pediram aos afiliados que parassem com a distribuição de ransomware.
Start of GandCrab Ransomware : 28-1-2018 ..
Close of GandCrab Ransomware : 1-6-2019 ..@Raj_Samani @ValthekOn @John_Fokker @hasherezade @VK_Intel @James_inthe_box @luca_nagy_ @Bitdefender @Europol @campuscodi @tamas_boczan @JayTHL @demonslay335 @struppigel
57 people are talking about this
As operadoras do GandCrab Ransomware ganharam mais de US $ 2 bilhões em pagamentos de resgate a uma média de 2,5 milhões de dólares por semana.
Chaves de Decodificação Mestre para o GandCrab
FBI colaborou com várias agências de aplicação da lei e de 8 países europeus e Europol, empresa de segurança privada Bitdefender e lançou uma ferramenta de descriptografia livre ( encontrada aqui ) que se aplica a todas as versões do ransomware GandCrab.
Além disso, o efeito desta colaboração, Toda a versão das chaves Master Decryption para todas as novas versões do GandCrab introduzidas desde julho de 2018.
De acordo com as notas de lançamento do FBI , ”a GandCrab opera usando um modelo de negócio de ransomware como serviço (RaaS), vendendo o direito de distribuir o malware para afiliados em troca de 40% dos resgates. O GandCrab foi observado pela primeira vez em janeiro de 2018, infectando empresas sul-coreanas, mas as campanhas do GandCrab rapidamente se expandiram globalmente para incluir vítimas dos EUA no início de 2018, impactando pelo menos 8 setores de infraestrutura crítica. Como resultado, o GandCrab subiu rapidamente para se tornar o ransomware mais proeminente baseado em afiliados e foi estimado em 50% do mercado de ransomware em meados de 2018. Especialistas estimam que o GandCrab infectou mais de 500.000 vítimas em todo o mundo, causando perdas superiores a US $ 300 milhões.
Chaves de Decodificação Mestre
GandCrab v4 e 5
BwIAAACkAABSU0EyAAgAAAEAAQC77wJGC16Mco6goDGulTOC1meJMrLtkqgWCrwowU0 + AKPcSEc96ZrBMa5BxegicGp / dZiPxuvuZZsbltNNqj91C6V153HNiKB34MsvM6INq + TjQII / 2ZVQpJJWqndhBXXyJYHaob4wp8vaK6OehasDjbvT8LuccZrUmM / GwqhihDKFTBss / + TY2eUquxgGCGr02NGNAONB / OfFICXS3Uf / JwkfbTRsigrrqxNICfYkJJiEIt3BoRxgYwZx7gBKIbofr0wD0sc / umQ5NbRECxdftSyMTrLmYbIjIU2t + 9Qdlkuh / H + / + mHi703Lx40YfA0wFGJbBR8CgbxcHERArLdTIeb 0g3U9aGAzu6R6yFJmLub6RDJKrgarWp ++ KR09uKbAygsQOKRSJ7phrAo7DoaPeq + 6iZ1KUjOBdGveYSaltFOlSEeOqNcBCKXf8gbd1UXc8 + Cty / 0eVSwIY + LwWzmBdVD7XH42LBO9j2 / irryjHQ2WLZGI5I854JlxCeDjgO7TV ++ RUzxdADB8ewANZih + yepnGK7SwrYl3aS3HZJ6U6G706Ix + C5JUG74jgeGFgEVRwUvibrV5IwpYetucmJHVvOWcFxwoy5 / n1JmVN2y0Gqo4HDg9unsiq9nEJt / ujJNM8qzxJu2Zt5iFyEgkAw3FlB3mNpQ4Pe1hKsc + 8CP1 / ERhOCMHVewbW6Clh7MeL07qcODfNU / j5Ott4pFliGm1R1d3FA8OXFTwXHjYEIRBwbBAe5WXe3KeNJMxL5ANZtUJz6C50g3zXI6lfmOJXBimFnSnXEGdOMyqB62tpFkzdw1QhzaV8sfEiMhU / TG1RATJGyCEWMVsXhhTm2HaepNq + 30KrO24G3fIB8E9FbMyNlLMj + eEFSkpf / FAY7zPJ + xi02uJZSHgHAY + qhFpA3F8uNnCPhUMPaeOgU55OhyUUcvgUHy4 + nun3ajvJQItUYREhO6U7C2Z / DlLgrKslcmLMwuGVDa0kq92mnspwHXlZiSSbTWQQkaOQSJ1trCSbnemNtDUWaAhW6jEQVbn8NVd3vJ4FKezgoIvAXhwKcpPbUvjj2EuL3fOElltB + wwu57V / 45jZMSHvsWfi + vB2B42XIiU0y0lrb8oFFFLByBNCbiqfmkID9rm6TYM4zcf51izQr + F2zEy31G2WgpcZp8jDvKyqNihZVvfeis7HFt4mG6dXTL5r2ATVRrMsaJJEk7svJv5M802hlFvg5lEApKDdL6URubHc7iqcjA // xjjd6eCPSrEMswPP6TN2j9CBAvW4Qo64 / c + 9js22PV78ushOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO / 7BSGXDNbvVz4kV / hCOB3YsqwU2IF4 / ME3ERDhM62zrNZeAyUf66BC6LGizxx / gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO + 3WSKjbq9nUXR + cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f + b8HEok5lwKoO8cU6O + = 3ecdsaM0kq92mnspwHXlZiSSbTWQQkaOQSJ1trCSbnemNtDUWaAhW6jEQVbn8NVd3vJ4FKezgoIvAXhwKcpPbUvjj2EuL3fOElltB + wwu57V / 45jZMSHvsWfi + vB2B42XIiU0y0lrb8oFFFLByBNCbiqfmkID9rm6TYM4zcf51izQr + F2zEy31G2WgpcZp8jDvKyqNihZVvfeis7HFt4mG6dXTL5r2ATVRrMsaJJEk7svJv5M802hlFvg5lEApKDdL6URubHc7iqcjA // xjjd6eCPSrEMswPP6TN2j9CBAvW4Qo64 / c + 9js22PV78ushOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO / 7BSGXDNbvVz4kV / hCOB3YsqwU2IF4 / ME3ERDhM62zrNZeAyUf66BC6LGizxx / gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO + 3WSKjbq9nUXR + cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f + b8HEok5lwKoO8cU6O + = 3ecdsaM0kq92mnspwHXlZiSSbTWQQkaOQSJ1trCSbnemNtDUWaAhW6jEQVbn8NVd3vJ4FKezgoIvAXhwKcpPbUvjj2EuL3fOElltB + wwu57V / 45jZMSHvsWfi + vB2B42XIiU0y0lrb8oFFFLByBNCbiqfmkID9rm6TYM4zcf51izQr + F2zEy31G2WgpcZp8jDvKyqNihZVvfeis7HFt4mG6dXTL5r2ATVRrMsaJJEk7svJv5M802hlFvg5lEApKDdL6URubHc7iqcjA // xjjd6eCPSrEMswPP6TN2j9CBAvW4Qo64 / c + 9js22PV78ushOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO / 7BSGXDNbvVz4kV / hCOB3YsqwU2IF4 / ME3ERDhM62zrNZeAyUf66BC6LGizxx / gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO + 3WSKjbq9nUXR + cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f + b8HEok5lwKoO8cU6O + = 3ecdsaMhOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO / 7BSGXDNbvVz4kV / hCOB3YsqwU2IF4 / ME3ERDhM62zrNZeAyUf66BC6LGizxx / gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO + 3WSKjbq9nUXR + cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f + b8HEok5lwKoO8cU6O + = 3ecdsaMhOowkob4wCp90kKyZsELsYjP15oCYMkFBE8lsXC6i5bO / 7BSGXDNbvVz4kV / hCOB3YsqwU2IF4 / ME3ERDhM62zrNZeAyUf66BC6LGizxx / gxm9oSn2A3F24LUc1oHwrpW8FLIx3LU0vBsH173GpfO + 3WSKjbq9nUXR + cym6DBlutsrtafrf1SK65dgZ55WIHx34Jwh5FEjXaE8h3f + b8HEok5lwKoO8cU6O + = 3ecdsaM
GandCrab v5.0.4 - chave v5.1
BwIAAACkAABSU0EyAAgAAAEAAQCPuVnJ9eIt7iW / ocAMfJrrTaSnrcIfGmFHmkciEOpvDXFx + KSjXOwgWWVPn8Cs / 1RoQYLESNw2rLGjAxxg42 / GTC8QTYU8n50I3JokQVIWjrhEoL5czMBkMJTo / MQjO9u6F / OKShMBz5tQim1oLq8UFu3YcuGZpvdr3gfVWhQj1Yt7NceDPpr2cBZvP6nxEi9b2V8PLp1q8CfUdYUHabTkrO9A7mkszHFTqtzp7pwUmO4KvHGJU8nWkjqbmyy / Pgdt6w1xrLy8oacfrVxA2nTamY1l + HQSNv / g17sgjJs9w624rFaxGPuystJHddPMzKGx4tv4KR2RvNGV2wxm4OGhL1XfrBAyeAJa6mU / TtLPV1nxRB / 66g7QA8i0m5YZd49RqhBhEG0Wx1g1iMWlBsnk4fiR593JSYJQc + / + hcs8bQYO66eXL62vz00zdcGBjGJJQsEikQrgAigApinO588NuwPNuOyejomwJYPHlgqKh2qfgTYHVpXNV4XN7eW8ZReShieGyX5yJYBolkJ3Za9oAravyjvOS dklwwZcENV1SEW6T2sI9PKe7sOzfCLR62gDHEWjAcsUVCacId4JEegVK9H6pbRjTQ8V5ecUHl / RqoTZ1eLeH55tdLEbCWk1K7RQZCwpmlKvSWd + jfIW5pa9qjBISXGyghyDiZdwaTWMtdkXqA / zhTd9 / 1hrmA5NKx0URx1gqJPySnIAPXoSzNdpjfCacLBTbkhn0pbcXPdhpT5lqWikImK6vgRNewf9Idkoe6vTL / YzmaYOe43WvXyyajMr4JUzxXR2t0QnWQVPOyQrgYwas / + PLs1vdSmsZkhD6Ni33wnbSJrk + hwmShUogcpvyiOLBb + jFYQFwlQbD1fxLgAmJu7Y1oWEUXf // ZLB0u2JA + H6hMBwAFs1i / 4VA1OBNogFft7S3Iy6S1Gva7 + 2FT + VjAsugcuZLcd + Fj1Y + 9ff3Zx24Vbwo + g6Ngxv2iYUTm8Ek + LXuyXn1RQcbEckI / lkNUmBT1YkTcUcpoPozbWpvVbwv17oSnuckVSZLDJHpNbsNHvEEfVhlg7BjqH15 + qUWttOX2uYJyN2aOwgFt5072KsW0ZHMh0pwewPW1bNdAdrDmGSu89KxB + Hbj2IFEAWIjrnHTFhE62lHpyb / 6TfIzv1eFfZUEYkwznkBqcASHHuoO7y / oERyRbmHcFg1bs1HlyRRIiwY5RC7aN7b3ZnRr7AdbjZN0jFaJTZpNC28uDH2II1TlQ8fn7YlYQbS1a2Bvbz0FBb53nrUtrazZZHxE7M3DamtqTIWezL5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4 + HBU + 5H / wmJfbwcfXGA9rudEivLCZcGKcx / FUwY + 5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE + jLeClcMec53 + 6voaVTtT33TrLxBKAF + gP7EIBgzAeaGw2Jpm1R4w / ivtbe0zopLgA =k + LXuyXn1RQcbEckI / lkNUmBT1YkTcUcpoPozbWpvVbwv17oSnuckVSZLDJHpNbsNHvEEfVhlg7BjqH15 + qUWttOX2uYJyN2aOwgFt5072KsW0ZHMh0pwewPW1bNdAdrDmGSu89KxB + Hbj2IFEAWIjrnHTFhE62lHpyb / 6TfIzv1eFfZUEYkwznkBqcASHHuoO7y / oERyRbmHcFg1bs1HlyRRIiwY5RC7aN7b3ZnRr7AdbjZN0jFaJTZpNC28uDH2II1TlQ8fn7YlYQbS1a2Bvbz0FBb53nrUtrazZZHxE7M3DamtqTIWezL5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4 + HBU + 5H / wmJfbwcfXGA9rudEivLCZcGKcx / FUwY + 5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE + jLeClcMec53 + 6voaVTtT33TrLxBKAF + gP7EIBgzAeaGw2Jpm1R4w / ivtbe0zopLgA =k + LXuyXn1RQcbEckI / lkNUmBT1YkTcUcpoPozbWpvVbwv17oSnuckVSZLDJHpNbsNHvEEfVhlg7BjqH15 + qUWttOX2uYJyN2aOwgFt5072KsW0ZHMh0pwewPW1bNdAdrDmGSu89KxB + Hbj2IFEAWIjrnHTFhE62lHpyb / 6TfIzv1eFfZUEYkwznkBqcASHHuoO7y / oERyRbmHcFg1bs1HlyRRIiwY5RC7aN7b3ZnRr7AdbjZN0jFaJTZpNC28uDH2II1TlQ8fn7YlYQbS1a2Bvbz0FBb53nrUtrazZZHxE7M3DamtqTIWezL5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4 + HBU + 5H / wmJfbwcfXGA9rudEivLCZcGKcx / FUwY + 5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE + jLeClcMec53 + 6voaVTtT33TrLxBKAF + gP7EIBgzAeaGw2Jpm1R4w / ivtbe0zopLgA =5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4 + HBU + 5H / wmJfbwcfXGA9rudEivLCZcGKcx / FUwY + 5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE + jLeClcMec53 + 6voaVTtT33TrLxBKAF + gP7EIBgzAeaGw2Jpm1R4w / ivtbe0zopLgA =5X4YVcpP5M6NJ3lr3QzNgJgmbciuo0BmCSg6WK7vJo6XHHneoNahSIPiUB27NJa11IRrSSiK08dinkp4 + HBU + 5H / wmJfbwcfXGA9rudEivLCZcGKcx / FUwY + 5nE6TqYPYw48YPVxc81r5td44AoEBhMc5SBHrIpyQpQb2T5jE + jLeClcMec53 + 6voaVTtT33TrLxBKAF + gP7EIBgzAeaGw2Jpm1R4w / ivtbe0zopLgA =
Chave GandCrab v5.2
BwIAAACkAABSU0EyAAgAAAEAAQBtwvOCqX7rw / P9P / NqSFQEe621TAAfjoG2UUw6dgLDRWo66kSsANjkrb5Cxdy2zW9f3 + vu0TusoqUfwd6My8wJ0IEd0PpJ0V1IsHE504 + zpG3oL8gMS7TPr3QvTMLMdMTKH / 8f2LDCjfDfak / Zzz / tzm80KJ2eOQ1jTx + 0BN + j + Y0L0KzoiVJ2KpFbC5Gy2bkjYPLqkZ6Tx4NN7y6ekWkcLTMtyTgIqIchiJB4A + 7xEtIkl80x5SyE4HTsyG / H9jIKQuYnUetZREYIagscrJtfYLjeiZCzwdlqb0KjA7Vi9BY5jci5bEjrGKBOeVBeL1atKOqFldgB7Wxs4SkGw4Lb0xCs0WVMJJBWFJYlMNqSbATwmKdrYhpm4IPAISa3EhfKQjHB9vNKRyPm + 9zCmw / Nz1gDBlYxGeR9Gwvd / ZnzVa7OKSaoOdTOuPEQkYTFPJ2L5s2Qv7UyK3OzS5Va3er + 20DB2NWm / FeVzXLwdhwEI8rM + rqlummMBWUJwPN1QP2 / 14ZRjaKFZFPByYhDVlSVDRSReXZ0xhjz9ZgWGNJCA94N8lVbUbZ2NHTr7xGY9movIl1 + zdfFXvTv + Km72m + xkHSHe / IRr2DrLMRGtTDjwrtaFwdNgDNhNRABTlsTc1sSn3pE7owK / 8HMvQG8K3YffEWNG9IeDoDSFCgiWZHk3bczBZAB9QqTI3zF3sx / lSQ0rMAKBsSVDW1mJs6VN5hc5oS78LQNKPmiZGqcD2ZtQOvNWQvZ / bX5RCCco3x7kg792SAsX0TI7IS + YunreAB7xkpbs0fhAWJNzNKRkRu2IWOtL7ePedmGoiH4jrrjkh26rMCvfbM / L / w4J4dUhSXlU2EdnoT6QU0OWlSnCww / lbvkylpdd6j5kYH6TnVEzYbghOwcehcjtAoWECH9r4vF9prRVfYXypu / qbIljpCNmRsmraYDkX + 0udTR9ILTKrZri4xVeDWbT0BpllQzChCd6KUrv526JZuYemlVxS / 6 + / mOLUP5RI6nUWi / oSlS8mQgwYx0a2Kfk1HGMIjrGO2EQkty7LiFMf9E1ynqLaD4Uz + xzahY3UwPP9DdqkMxZ3eFebdU + uxUd0wGqXFZRCXfWgEIJe5z43TXY3fSPXQN5K4YSU + 5QRQ7pH + MXpk8gw / dKt4v7 + eyMGqxlLtuid2uovYbQu + 8lgda2ff2j0RRLu0b + VuoWkweUSxoNIHaXhcnsLs432eA2w8txYFI1 + uUKK1ecv1bolkvkai2ip53KVmW97g5 + fZTXgNEPR7vdLeViYulD4RZINvZmQLgZQvPbS + cwMJKgE7YnRQQTr9BUb + 139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q + PpSCpu / l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby / DN9cBOBuEQMMiSnljQ7sf6QBaSJa / vgvy77VyiM8kJxKBjXOrUlGz + 4Li8eUdmYT6W8Dcutj5JmMA =JZuYemlVxS / 6 + / mOLUP5RI6nUWi / oSlS8mQgwYx0a2Kfk1HGMIjrGO2EQkty7LiFMf9E1ynqLaD4Uz + xzahY3UwPP9DdqkMxZ3eFebdU + uxUd0wGqXFZRCXfWgEIJe5z43TXY3fSPXQN5K4YSU + 5QRQ7pH + MXpk8gw / dKt4v7 + eyMGqxlLtuid2uovYbQu + 8lgda2ff2j0RRLu0b + VuoWkweUSxoNIHaXhcnsLs432eA2w8txYFI1 + uUKK1ecv1bolkvkai2ip53KVmW97g5 + fZTXgNEPR7vdLeViYulD4RZINvZmQLgZQvPbS + cwMJKgE7YnRQQTr9BUb + 139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q + PpSCpu / l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby / DN9cBOBuEQMMiSnljQ7sf6QBaSJa / vgvy77VyiM8kJxKBjXOrUlGz + = 4Li8eUdmYT6W8Dcutj5JmMAJZuYemlVxS / 6 + / mOLUP5RI6nUWi / oSlS8mQgwYx0a2Kfk1HGMIjrGO2EQkty7LiFMf9E1ynqLaD4Uz + xzahY3UwPP9DdqkMxZ3eFebdU + uxUd0wGqXFZRCXfWgEIJe5z43TXY3fSPXQN5K4YSU + 5QRQ7pH + MXpk8gw / dKt4v7 + eyMGqxlLtuid2uovYbQu + 8lgda2ff2j0RRLu0b + VuoWkweUSxoNIHaXhcnsLs432eA2w8txYFI1 + uUKK1ecv1bolkvkai2ip53KVmW97g5 + fZTXgNEPR7vdLeViYulD4RZINvZmQLgZQvPbS + cwMJKgE7YnRQQTr9BUb + 139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q + PpSCpu / l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby / DN9cBOBuEQMMiSnljQ7sf6QBaSJa / vgvy77VyiM8kJxKBjXOrUlGz + = 4Li8eUdmYT6W8Dcutj5JmMAbS + + cwMJKgE7YnRQQTr9BUb 139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q + PpSCpu / l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby / DN9cBOBuEQMMiSnljQ7sf6QBaSJa / vgvy77VyiM8kJxKBjXOrUlGz + = 4Li8eUdmYT6W8Dcutj5JmMAbS + + cwMJKgE7YnRQQTr9BUb 139PQY5w6PoRkpTUdoHSdfe9qaiTs3vy3uCHt4mR5ODZ5z25b2223wHVVbhdTXzTZj1GBm8b0q + PpSCpu / l2Iffdv40pb7ufk2ILGftvPjZVbwBNjAPVXLPDybCxtA2xpk4gby / DN9cBOBuEQMMiSnljQ7sf6QBaSJa / vgvy77VyiM8kJxKBjXOrUlGz + = 4Li8eUdmYT6W8Dcutj5JmMA
O FBI liberou essas chaves mestras para que a organização desenvolvesse suas próprias ferramentas de descriptografia.
