Bitdefender believes that the criminal group behind the GandCrab-ransomware has lost an estimated $1 million in ransom money. This was after Bitdefender released a free tool for ransomware victims to unlock their devices again.
According to the antivirus maker, at least 1,700 GandCrab victims were able to successfully unlock their devices in the first hours after the tool was released. Most of these victims were in South Korea, China, India and the United States. The tool was also developed in cooperation with Europol, the Romanian police and other authorities.
Error in the malware
Last week it turned out that there was a mistake in GandCrab’s code. This error made it possible for victims to unlock their files without paying the ransom. That’s what the Romanian police told ZDNet last week. The tool can decrypt GandCrab V1, V4 and V5 files.
One day after Bitdefender released the tool, the team behind GandCrab came up with version 5.0.5, which fixed the error. As a result, Bitdefender’s tool no longer works and can only be used by people whose device or network is infected by an older version of the malware.
#GandCrab version 5.0.5 in-the-wild 🦀 This new version breaks the #BitDefender decryption tool 😟- btw, nice catch by @tamas_boczan 👊
[+] Extension: 5 random letters.
[+] Ransom-note: [uppercased extension]-DECRYPT.txt
Sample on #VirusBay https://t.co/GxzO97IZgN pic.twitter.com/WHJeXFhhDb— Marcelo Rivero (@MarceloRivero) October 26, 2018
GandCrab versions V2 and V3 are still decipherable, but were only active between February and July 2018. This reduces the chance of finding someone whose device can be unlocked with it. According to Bitdefender, the most active versions of the ransomware are currently V4 and V5.
Bitdefender’s tool is a good indication that the advice of many connoisseurs must be followed. Victims of ransomware are often advised to set aside the encrypted documents and wait until a tool is released to unlock them free of charge.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.