Hackers with a heart? GandCrab devs send decryption keys to Syrians

In a rather interesting turn of events, the developers of the ransomware GandCrab are showing mercy to a specific subset of their victims. As reported by Bleeping Computer, the cybercriminals behind GandCrab have decided to release decryption keys to Syrian victims of the ransomware. What spurred this change of heart was pleas on social media from civilians caught in the brutal conflict, specifically those that lost family in said conflict. The heart-wrenching tweet below is an example of the requests, as it shows a father who merely desiring to have access to his computer that has photos of his dead children.


The hackers following this development, either out of compassion or to prevent being blacklisted by other hackers, proceeded to announce they would release decryption keys to Syrian victims. Their explanation was that this was a mistake and Syria was a country that should have been not allowed to be targeted by the ransomware. Whether or not this is actually true is up for debate, as someone surely would have noticed that Syrians had been attacked along with other targets. Nevertheless, it wasn’t long before the developers tried to rectify the situation.

Below is the statement released by GandCrab’s creators (which was translated from Russian by Lawrence Abrams of Bleeping Computer):

We regret that we did not initially add this country to the exceptions. But at least that way we can help them now. Whose keys are not (only for citizens of Syria and the CIS, Ukraine including) – you need to come to us and take a picture of yourself with a passport and payment page. After that, we will issue a decryptor for free. This is indicated just in case any clever people patch the file so that it works everywhere. Hi, Polish kurvy. As for other countries — we will not share the keys, even if we are closed someday. We will remove them. It is necessary to resume the punitive process in respect of some countries. Let me remind you that you can only decrypt using our keys that are stored on our server. We issue them only after payment. There are no other miracle ways. With love from crabs, representatives of different countries, religions, beliefs.

GandCrab hackers and other cybercriminals do not care who they hurt as long as they get a payday. While the victims of war in Syria will have the decryption keys, I am certain that there are other areas ravaged by war that have been hit by similar attacks. The way that malware spreads is without any real concern for human decency, and catching bastards who prey on the innocent is the single greatest reward of being a cybersecurity professional.

Featured image: Flickr / Freedom House

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top