How to remove Gandcrab 4 ransomware and decrypt .KRAB files

What is Gandcrab 4?

Gandcrab 4 is the fourth edition of infamous Grandcrab ransomware family which is designed to encrypt users’ personal files. Salsa20 cipher is used for encryption. Once the encryption procedure is done, the user is no longer able to use affected files that have got .KRAB extension. Developers also provide users with the instructions to recover encrypted files in form of TXT file (KRAB-DECRYPT.txt/CRAB-DECRYPT.txt) placing it on the desktop and in each folder with the ecnrypted file. In this article, you can learn how to remove Gandcrab 4 ransomware and decrypt .KRAB files without paying money to scammers.

The main distribution method of Gandcrab 4 is fraudulent emails which are distributed under the guise of various invoices, tax bills, the social surveys, reward or other things that could be of interest to the user. Therefore, be very wary when receiving emails from unknown recipients. Do not open any attachments without checking it first with a reliable antivirus. Compliance with this simple rule will help you avoid problems in the future.

This is what Gandcrab 4 ransom note contains:

–= GANDCRAB V4 =—
Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .KRAB
The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.
The server with your key is in a closed network TOR. You can get there by the following ways:
—————————————————————————————-
| 0. Download Tor browser – https://www.torproject.org/
| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: ***
| 4. Follow the instructions on this page
—————————————————————————————-
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
ATTENTION!
IN ORDER TO PREVENT DATA DAMAGE:
* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW
—BEGIN GANDCRAB KEY—
*************************************
—END GANDCRAB KEY—
—BEGIN PC DATA—
*************************************************==
—END PC DATA—

Here is used a typical scheme of all ransomware-type viruses – to make victims pay them. The only differences between them are the ransom price and encryption method. Cybercriminals state that there are no ways to recover your files but to pay a ransom. Once payment is done, they are supposed to send you decryption key. But you should know that nobody can guarantee that they will fulfill their end of the bargain. The practice shows that cyber-criminals just ignore people who paid them. That’s why you should not be pushed about by them because you can remain without money and files. On the contrary, you only may encourage them to continue their dirty business. In any case, you will be simply scammed. That’s why there is no need to contact them, it wouldn’t help. Still, Gandcrab 4 ransomware does very complicated encryption, but it does not damage, move or delete your files, which means you have a chance to restore your personal data, but for now, you should focus on removing Gandcrab 4 ransomware.

How to remove Gandcrab 4 from your computer?

You may try to use anti-malware tool to remove Gandcrab 4 ransomware from your computer. Newly advanced ransomware detection technology is able to run an instant ransomware scan, which is perfect to protect your computer in case of a new ransomware attack.
Download Norton

How to decrypt files encrypted by Gandcrab 4?

Decrypt .KRAB files manually

Once you’ve removed the virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Download and install Data Recovery
Select drives and folders with your files, then click Scan.
Choose all the files in a folder, then press on Restore button.
Manage export location.

Download Data Recovery Pro _{The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.}

Restore data with automated decryption tools

Unfortunately, due to the novelty of Gandcrab 4 ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:

Open My Computer and search for the folders you want to restore;
Right-click on the folder and choose Restore previous versions option;
The option will show you the list of all the previous copies of the folder;
Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

Type restore in the Search tool;
Click on the result;
Choose restore point before the infection infiltration;
Follow the on-screen instructions.

Directories, files, and registry entries related to Gandcrab 4 ransomware:

CRAB-DECRYPT.txt (KRAB-DECRYPT.txt)
Crack_Ghost_Mouse_Auto_Clicker.exe
1.pdf
1.exe

Was this tutorial helpful?

[Total: 0 Average: 0]