Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week.
The tool can recover files encrypted by GandCrab versions v1 (GDCB extension), v4 (KRAB extension), and v5 (random 10-character extension; also the current/latest GandCrab version).
A day after Bitdefender released its decryption utility, the GandCrab team also released a new version, v5.0.5, that fixed the encryption loophole and broke the company's decrypter.
GandCrab versions v2 and v3 are still undecryptable, but those versions were active only between February and July, and have not been seen in recent infections.
Bitdefender says the "most prolific GandCrab ransomware versions are v4 and v5."
Bitdefender's GandCrab decryption utility is the perfect example of why most security experts will always advise victims to put their ransomware-encrypted files aside and wait for a free decryption utility to be released in the coming months.
While decryption utilities may not be published for all ransomware strains, when they are, they can offer victims a chance at recovering files once considered lost.