Victims of one the newest - and most unusual - families of ransomware could now be able to recover their files without giving into the demands Attack.Ransom of criminals because decryption tools have been released for free . A GandCrab ransomware decryption tool has been released as part of the No More Ransom initiative , following a combined operation by Bitdefender , the Romanian Police , the Directorate for Investigating Organized Crime and Terrorism ( DIICOT ) and Europol . GandGrab first appeared in January and has already claimed over 53,000 victims around the world , making it what Europol describe as `` one of the most aggressive forms of ransomware so far this year '' costing Attack.Ransom each victim anything from a few hundred dollars to a few thousand . This variant of the file-locking malware is unusual in a number of ways : not only is it spread via the use of exploit kits - a tactic usually reserved for the likes of trojans and cryptocurrency miners - it is also the first form of ransomware to ask for payments Attack.Ransom in Dash . Most other forms of ransomware demand the ransom Attack.Ransom be paid Attack.Ransom in bitcoin or Monero . The spread of GandGrab has also been helped along by a cybercrime-as-a-service scheme which offers a toolkit for deploying the ransomware in exchange for wannabee crooks giving the original authors a cut of their profits . It 's unknown which specific cybercriminal operation is behind GandGrab . However , the ransomware is advertised on Russian hacking forums , with the authors explicitly instructing those who become a part of the partnership scheme not to target Russia or any other country in the Commonwealth of Independent States of former Soviet republics . But regardless of who might be distributing GandCrab , now victims do n't need to pay a ransom Attack.Ransom to those looking to cash in on it , because the decryption tool is available for free from the No More Ransom portal and from Bitdefender . `` Ransomware has become a billion-dollar cash cow for malware authors , and GandCrab is one of the highest bidders , '' said Catalin Cosoi , senior director of the investigation and forensics unit at Bitdefender . In order to help prevent falling victim to ransomware , Bitdefender recommends regularly back-up sensitive data and to be wary of suspicious email attachments and malicious links . Launched in 2016 , the No More Ransom Attack.Ransom scheme brings law enforcement and private industry together in the fight against cybercrime and has helped thousands of ransomware victims retrieve their encrypted files without lining the pockets of crooks . The portal is available in 29 languages and since its launch has has received over 1.6 million visitors from a total of 180 countries . The release of GandCrab decryption tools comes shortly after an operation involving Europol , the Belgian National Police and Kaspersky Lab led to the release of free decryption tools for Cryakl ransomware .

Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments . Security researchers Victor Gevers and Niall Merrigan , who monitored the MongoDB and Elasticsearch attacks so far , have also started keeping track of the new Hadoop and CouchDB victims . The two have put together spreadsheets on Google Docs where they document the different attack signatures and messages left behind after data gets wiped from databases . In the case of Hadoop , a framework used for distributed storage and processing of large data sets , the attacks observed so far can be described as vandalism . That 's because the attackers do n't ask for payments Attack.Ransom to be made in exchange for returning the deleted data . Instead , their message instructs the Hadoop administrators to secure their deployments in the future . According to Merrigan 's latest count , 126 Hadoop instances have been wiped so far . The number of victims is likely to increase because there are thousands of Hadoop deployments accessible from the internet -- although it 's hard to say how many are vulnerable . The attacks against MongoDB and Elasticsearch followed a similar pattern . The number of MongoDB victims jumped from hundreds to thousands in a matter of hours and to tens of thousands within a week . The latest count puts the number of wiped MongoDB databases at more than 34,000 and that of deleted Elasticsearch clusters at more than 4,600 . A group called Kraken0 , responsible for most of the ransomware attacks against databases , is trying to sell its attack toolkit and a list of vulnerable MongoDB and Elasticsearch installations for the equivalent of US $ 500 in bitcoins . The number of wiped CouchDB databases is also growing rapidly , reaching more than 400 so far . CouchDB is a NoSQL-style database platform similar to MongoDB . Unlike the Hadoop vandalism , the CouchDB attacks Attack.Ransom are accompanied by ransom messages , with attackers asking for Attack.Ransom 0.1 bitcoins ( around $ 100 ) to return the data . Victims are advised against paying Attack.Ransom because , in many of the MongoDB attacks Attack.Ransom , there was no evidence that attackers had actually copied Attack.Databreach the data before deleting it . Researchers from Fidelis Cybersecurity have also observed the Hadoop attacks and have published a blog post with more details and recommendations on securing such deployments