Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week.
Also: 7 tips for SMBs to improve data security TechRepublic
The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully decrypt GandCrab-locked files within hours after the tool's release.
Most of these users were located in South Korea, China, India, and the US, according to statistics released by the company yesterday.
Bitdefender released a free decryption utility for recovering files locked by the GandCrab ransomware last week, in collaboration with Europol, Romanian Police, and other law enforcement organizations.
As a Romanian Police spokesperson told ZDNet last week, the tool leveraged a flaw in the ransomware's encryption scheme to allow victims to decrypt their files without paying the crooks' ransom fee.
The tool can recover files encrypted by GandCrab versions v1 (GDCB extension), v4 (KRAB extension), and v5 (random 10-character extension, also the current/latest GandCrab version), respectively.
A day after Bitdefender released its decryption utility, the GandCrab team also released a new version, v5.0.5, that fixed the encryption loophole and broke the company's decrypter.
GandCrab versions v2 and v3 are still undecryptable, but those versions have been active only between February and July, and have not been seen in recent infections.
Bitdefender says the "most prolific GandCrab ransomware versions are v4 and v5."
Bitdefender's GandCrab decryption utility is the perfect example why most security experts will always advise victims to put their ransomware-encrypted files aside and wait for a free decryption utility to be released in the coming months.
While decryption utilities may not be published for all ransomware strains, when they do, they can offer victims a chance at recovering files once considered lost.
Related stories:
- What is ransomware? Everything you need to know about one of the biggest menaces on the web
- Magecart group leverages zero-days in 20 Magento extensions
- Microsoft Windows zero-day disclosed on Twitter, again
- Zero-day in popular jQuery plugin actively exploited for at least three years
- New Flash 0-day exploit bypasses browser, infects via Office instead TechRepublic
- Microsoft October 2018 Patch Tuesday fixes 0-day exploited by FruityArmor APT
- Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
- Hackers demand bitcoin from PGA in ransomware attack, says report CNET